1. Home
  2. CVE Database
  3. CVE-2010-1256
HIGH · 8.5

CVE-2010-1256

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors re...

Vulnerability Description

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

CVSS Score

8.5

HIGH

AV:N/AC:M/Au:S/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftInternet Information Server6.0
MicrosoftWindows 2003 ServerAll versions
MicrosoftWindows VistaAll versions
MicrosoftWindows Server 2008All versions
MicrosoftWindows 7-

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2010-1256?

CVE-2010-1256 is a vulnerability with a CVSS score of 8.5 (HIGH). Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors re...

How severe is CVE-2010-1256?

CVE-2010-1256 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1256?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Information Server, Microsoft Windows 2003 Server, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7.