Vulnerability Details CVE-2002-0869
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.273
EPSS Ranking 96.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html
- http://marc.info/?l=bugtraq&m=103642839205574&w=2
- http://www.ciac.org/ciac/bulletins/n-011.shtml
- http://www.iss.net/security_center/static/10502.php
- http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A929
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A930
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A983
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html
- http://marc.info/?l=bugtraq&m=103642839205574&w=2
- http://www.ciac.org/ciac/bulletins/n-011.shtml
- http://www.iss.net/security_center/static/10502.php
- http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A929
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A930
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A983
Products affected by CVE-2002-0869
-
cpe:2.3:a:microsoft:internet_information_server:4.0
-
cpe:2.3:a:microsoft:internet_information_services:5.0