| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS10-039 | Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) | Internet Information | Critical | 09-06-2010 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request.
Detailed Information on the risk:
A remote code execution vulnerability exists in Internet Information Services (IIS). The vulnerability is due to improper parsing of authentication information. An attacker who successfully exploited this vulnerability could execute code in the context of the Worker Process Identity (WPI).
Further information on this exploit is available at : MS10-040
Affected Software
Internet Information Services 7.0Internet Information Services 7.5
Microsoft Internet Information Services 6.0