PT-2010-2961 · Microsoft · Iis
Published
2010-06-08
·
Updated
2023-12-07
·
CVE-2010-1256
CVSS v2.0
8.5
High
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft IIS versions 6.0 through 7.5
Description
The issue allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption.
Recommendations
For Microsoft IIS versions 6.0 through 7.5, update to a version where Extended Protection for Authentication is properly handled to prevent memory corruption.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Iis