CVE-2010-1256

CWE-94Code Injection4 documents4 sources
Severity
8.5HIGH
EPSS
33.5%
top 3.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Information Server
Timeline
PublishedJun 8
Latest updateMay 2

Description

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-h6vp-xg23-hpm2: Unspecified vulnerability in Microsoft IIS 62022-05-02
CVEList
CVE-2010-1256: Unspecified vulnerability in Microsoft IIS 62010-06-08

💥Exploits & PoCs

1
Exploit-DB
PHPCalendars - Multiple Vulnerabilities2010-01-10
CVE-2010-1256 (HIGH CVSS 8.5) | Unspecified vulnerability in Micros | cvebase.io