Description

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

Remediation

References

CVE-2010-1256

Related Vulnerabilities

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43841)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1237)

WordPress Plugin GamiPress-The most flexible and powerful gamification for WordPress Multiple Vulnerabilities (2.5.6)

Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-12458)

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6850)

Severity

High

Classification

CVE-2010-1256 CWE-94

Tags

Missing Update Known Vulnerabilities