Is CVE-2010-1256 actively exploited?

CVE-2010-1256 has no public evidence of in-the-wild exploitation as of 2025-04-11.

What is the CVSS score for CVE-2010-1256?

CVE-2010-1256 has a CVSS score of 8.5 (UNKNOWN severity). Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C.

How do I patch CVE-2010-1256?

Patch guidance is available from microsoft security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2010-1256.

Which products are affected by CVE-2010-1256?

1 product: microsoft internet information server.

CVE-2010-1256 - remediation guidance & executive summary

Description

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

CVSS Metrics

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Access Vector: network
Access Cmplx: medium
Auth: single
Confidentiality: complete
Integrity: complete
Availability: complete
Weaknesses: CWE-94 · Code Injection

Metadata

Primary Vendor: MICROSOFT
Published: 6/8/2010
Last Modified: 4/11/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2010-1256

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary