CVE-2010-1256: Code Injection
First published: Tue Jun 08 2010(Updated: )
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Microsoft Internet Information Services | =6.0 | |
| Any of | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Any of | ||
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Any of | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Any of | ||
| Microsoft Windows 7 | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Internet Information Services | =6.0 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA10-159B.html
- http://www.securityfocus.com/bid/40573
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58864
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040
Frequently Asked Questions
What is the severity of CVE-2010-1256?
CVE-2010-1256 has a critical severity rating due to its potential for remote code execution.
How do I fix CVE-2010-1256?
To fix CVE-2010-1256, you should apply the latest security patches provided by Microsoft for IIS versions 6.0, 7.0, and 7.5.
What types of systems are affected by CVE-2010-1256?
CVE-2010-1256 affects Microsoft IIS versions 6.0, 7.0, and 7.5 when Extended Protection for Authentication is enabled.
Can unprivileged users exploit CVE-2010-1256?
Yes, CVE-2010-1256 allows remote authenticated users to exploit the vulnerability, potentially leading to arbitrary code execution.
What does the term 'memory corruption' mean in the context of CVE-2010-1256?
In the context of CVE-2010-1256, 'memory corruption' refers to the unintended overwrite of the memory, which can lead to system instability or hijacking by an attacker.
- collector/nvd-historical
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft internet information services
- version/microsoft internet information services/6.0
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- version/microsoft windows vista/sp2
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- canonical/microsoft windows 7
- version/microsoft windows server/r2