Description

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

Remediation

References

CVE-2010-1256

Related Vulnerabilities

Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-5591)

WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.1.42)

WordPress Plugin WooCommerce Address Book Cross-Site Request Forgery (1.5.6)

Plone CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-7939)

Oracle JRE CVE-2012-5072 Vulnerability (CVE-2012-5072)

Severity

High

Classification

CVE-2010-1256 CWE-94

Tags

Missing Update Known Vulnerabilities