|MS10-039||Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)||Internet Information||Critical||09-06-2010|
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request.
Detailed Information on the risk:
A remote code execution vulnerability exists in Internet Information Services (IIS). The vulnerability is due to improper parsing of authentication information. An attacker who successfully exploited this vulnerability could execute code in the context of the Worker Process Identity (WPI).
Further information on this exploit is available at : MS10-040
Affected SoftwareInternet Information Services 7.0
Internet Information Services 7.5
Microsoft Internet Information Services 6.0