CVE-2010-1256

Microsoft IIS 6.0, 7.0, and 7.5 - Authenticated Remote Code Execution via Token Checking Memory Corruption

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40573
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58864
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-159B.html

Scores

EPSS 0.2821
EPSS Percentile 97.9%

Details

CWE
CWE-94
Status published
Products (1)
microsoft/internet_information_server 6.0
Published Jun 08, 2010
Tracked Since Feb 18, 2026