MS10-065 MS10-065 - Important: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
Important2010-09-14 Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Information Services (IIS). The most severe of these vulnerabilities could allow remote code execution if a client sends a specially crafted HTTP request to the server. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
CVE-2010-1899
Public exploit
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
Max CVSS
4.3
EPSS Score
96.96%
Published
2010-09-15
Updated
2021-02-05
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
28.26%
Published
2010-09-15
Updated
2021-02-05
CVE-2010-2731
Public exploit
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability."
Max CVSS
6.8
EPSS Score
25.88%
Published
2010-09-15
Updated
2020-11-23