{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T12:12:07.615","vulnerabilities":[{"cve":{"id":"CVE-2010-1256","sourceIdentifier":"secure@microsoft.com","published":"2010-06-08T20:30:02.367","lastModified":"2026-04-29T01:13:23.040","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to \"token checking\" that trigger memory corruption, aka \"IIS Authentication Memory Corruption Vulnerability.\""},{"lang":"es","value":"Vulnerabilidad no especificada en Microsoft IIS 6.0, 7.0 y 7.5 cuando la Protección Extended por Autenticación está habilitada, permite a usuarios autenticados en remoto ejecutar código de su elección mediante vectores desconocidos relacionados con \"la comprobación del token\" que provocan una corrupción de memoria. También se conoce como \"Vulnerabilidad de Corrupción de Memoria en la Autenticación IIS\""}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:C/I:C/A:C","baseScore":8.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":6.8,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"F7C954A7-FF84-4DEB-8728-5B207F374ECC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*","matchCriteriaId":"2978BF86-5A1A-438E-B81F-F360D0E30C9C"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*","matchCriteriaId":"F7EFB032-47F4-4497-B16B-CB9126EAC9DF"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*","matchCriteriaId":"6881476D-81A2-4DFD-AC77-82A8D08A0568"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*","matchCriteriaId":"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*","matchCriteriaId":"0A0D2704-C058-420B-B368-372D1129E914"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*","matchCriteriaId":"3A04E39A-623E-45CA-A5FC-25DAA0F275A3"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*","matchCriteriaId":"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*","matchCriteriaId":"7F6EA111-A4E6-4963-A0C8-F9336C605B6E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*","matchCriteriaId":"9CFB1A97-8042-4497-A45D-C014B5E240AB"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*","matchCriteriaId":"7F9C7616-658D-409D-8B53-AC00DC55602A"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*","matchCriteriaId":"B8A32637-65EC-42C4-A892-0E599562527C"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*","matchCriteriaId":"FFF81F4B-7D92-4398-8658-84530FB8F518"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*","matchCriteriaId":"7AE15F6C-80F6-43A6-86DA-B92116A697A0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*","matchCriteriaId":"E33796DB-4523-4F04-B564-ADF030553D51"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*","matchCriteriaId":"CC916D5A-0644-4423-A52E-D4310906BE78"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*","matchCriteriaId":"95DC297F-06DB-4FB3-BFB6-7312C059E047"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/40573","source":"secure@microsoft.com"},{"url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html","source":"secure@microsoft.com","tags":["US Government Resource"]},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040","source":"secure@microsoft.com"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/58864","source":"secure@microsoft.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149","source":"secure@microsoft.com"},{"url":"http://www.securityfocus.com/bid/40573","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/58864","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149","source":"af854a3a-2127-422b-91ae-364da2661108"}],"evaluatorComment":"Per: http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx\r\n\r\n'Mitigating Factors for IIS Authentication Memory Corruption Vulnerability - CVE-2010-1256\r\n\r\nWithout the installation of KB973917 on Windows Server 2003, Windows Vista, and Windows Server 2008, systems will not have the Extended Protection for Authentication feature and will not be vulnerable.\r\n\r\nExtended Protection for Authentication is not enabled by default on any affected platform, even when a system has installed KB973917. Systems are only affected when this feature is enabled.'"}}]}