<< Back
CVE Number Vulnerability Product Severity Date
MS10-039 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) Internet Information Critical 09-06-2010

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request.
Detailed Information on the risk:

A remote code execution vulnerability exists in Internet Information Services (IIS). The vulnerability is due to improper parsing of authentication information. An attacker who successfully exploited this vulnerability could execute code in the context of the Worker Process Identity (WPI).

Further information on this exploit is available at : MS10-040

Affected Software

Internet Information Services 7.0
Internet Information Services 7.5
Microsoft Internet Information Services 6.0