CVE-2010-1256

critical

Description

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149

https://exchange.xforce.ibmcloud.com/vulnerabilities/58864

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040

http://www.us-cert.gov/cas/techalerts/TA10-159B.html

http://www.securityfocus.com/bid/40573

Details

Source: Mitre, NVD

Published: 2010-06-08

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.33545