Unrated severityNVD Advisory· Published Jun 8, 2010· Updated Apr 29, 2026

CVE-2010-1256

Description

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

Affected products

Microsoft/Internet Information Server
cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/cas/techalerts/TA10-159B.htmlnvdUS Government Resource
www.securityfocus.com/bid/40573nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040nvd
exchange.xforce.ibmcloud.com/vulnerabilities/58864nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.027
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000