Vulnerability Details CVE-2010-1256
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.335
EPSS Ranking 96.7%
CVSS Severity
CVSS v2 Score 8.5
References
- http://www.securityfocus.com/bid/40573
- http://www.us-cert.gov/cas/techalerts/TA10-159B.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58864
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149
- http://www.securityfocus.com/bid/40573
- http://www.us-cert.gov/cas/techalerts/TA10-159B.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58864
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149
Products affected by CVE-2010-1256
-
cpe:2.3:a:microsoft:internet_information_server:6.0
-
cpe:2.3:o:microsoft:windows_2003_server:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_vista:-