Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft IIS认证令牌处理远程代码执行漏洞
Vulnerability Description
Microsoft Internet信息服务(IIS)是Microsoft Windows自带的一个网络信息服务器,其中包含HTTP服务功能。 IIS Web服务器在解析从客户端所接收到了认证信息时没有正确地分配内存,远程攻击者可以通过发送特制的认证报文导致以工作进程标识(WPI)的上下文中执行代码。必须启用了Extended Protection for Authentication功能才可以利用这个漏洞(默认为禁用)。
CVSS Information
N/A
Vulnerability Type
N/A