Microsoft Windows IIS Authentication Memory Corruption Vulnerability
Date Discovered: 08/06/2010
Severity: Medium
Operating Systems Affected:
Windows Server 2003 SP 2
Windows Server 2003 x64 Edition SP 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista SP 1
Windows Vista SP 2
Windows Vista x64 Edition SP 1
Windows Vista x64 Edition SP 2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems SP 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems SP 2
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems SP 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Application Affected:
Microsoft Windows Internet Information Services 6.0
Microsoft Windows Internet Information Services 7.0
Microsoft Windows Internet Information Services 7.5
Identifiers:
CVE-2010-1256
Synopsis
Microsoft Windows Internet Information Services is susceptible to a remote code execution vulnerability due to improper parsing of authentication information. This vulnerability could allow remote code execution if a user opened a specially crafted Web page.
A remote code execution vulnerability exists in Internet Information Services (IIS). The vulnerability is due to improper parsing of authentication information.
An attacker who successfully exploited this vulnerability could execute code in the context of the Worker Process Identity (WPI).
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.