Vulnerabilities > CVE-2002-0869 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS02-018.NASL |
| description | The remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10943 |
| published | 2002-04-23 |
| reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10943 |
| title | MS02-018: Cumulative Patch for Internet Information Services (327696) |
Oval
accepted 2007-08-02T14:47:16.571-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc.
description Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." family windows id oval:org.mitre.oval:def:929 status accepted submitted 2004-05-12T12:00:00.000-04:00 title Windows NT IIS Out of Process Privilege Elevation Vulnerability version 28 accepted 2005-02-16T12:00:00.000-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation
description Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." family windows id oval:org.mitre.oval:def:930 status accepted submitted 2004-05-12T12:00:00.000-04:00 title Windows 2000 IIS Out of Process Privilege Elevation Vulnerability version 65 accepted 2007-08-02T14:47:16.863-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc.
description Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." family windows id oval:org.mitre.oval:def:983 status accepted submitted 2004-05-19T12:00:00.000-04:00 title Windows XP IIS Out of Process Privilege Elevation Vulnerability version 28
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html
- http://marc.info/?l=bugtraq&m=103642839205574&w=2
- http://www.ciac.org/ciac/bulletins/n-011.shtml
- http://www.iss.net/security_center/static/10502.php
- http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A929
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A930
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A983