CVE-2010-1256

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*

History

21 Nov 2024, 01:13

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/40573 - () http://www.securityfocus.com/bid/40573 -
References () http://www.us-cert.gov/cas/techalerts/TA10-159B.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA10-159B.html - US Government Resource
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/58864 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/58864 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149 -

07 Dec 2023, 18:38

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*

Information

Published : 2010-06-08 20:30

Updated : 2024-11-21 01:13


NVD link : CVE-2010-1256

Mitre link : CVE-2010-1256

CVE.ORG link : CVE-2010-1256


JSON object : View

Products Affected

microsoft

  • windows_server_2008
  • windows_vista
  • windows_2003_server
  • internet_information_server
  • windows_7
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')