Lucene search

[email protected]CVE-2010-1256

HistoryJun 08, 2010 - 8:30 p.m.

CVE-2010-1256

2010-06-0820:30:00

CWE-94

[email protected]

web.nvd.nist.gov

572

cve-2010-1256

microsoft iis

extended protection

authentication

memory corruption

remote code execution

7.1 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.089 Low

EPSS

Percentile

94.5%

JSON

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to “token checking” that trigger memory corruption, aka “IIS Authentication Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:internet_information_servermicrosoft internet information servereq6.0

CPE	Name	Operator	Version
microsoft:internet_information_server	microsoft internet information server	eq	6.0

References

www.securityfocus.com/bid/40573

www.us-cert.gov/cas/techalerts/TA10-159B.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040

exchange.xforce.ibmcloud.com/vulnerabilities/58864

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149

7.1 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.089 Low

EPSS

Percentile

94.5%

JSON

Related for CVE-2010-1256

openvas2 securityvulns2 nessus2 prion1