Vulnerabilities > CVE-2002-1180 - Unspecified vulnerability in Microsoft Internet Information Services 5.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus
NVD
Published: 2002-11-12
Updated: 2024-11-20

Summary

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS02-018.NASL
descriptionThe remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.
last seen2020-06-01
modified2020-06-02
plugin id10943
published2002-04-23
reporterThis script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10943
titleMS02-018: Cumulative Patch for Internet Information Services (327696)

Oval

accepted2005-02-16T12:00:00.000-04:00
classvulnerability
contributors
  • nameChristine Walzer
    organizationThe MITRE Corporation
  • nameChristine Walzer
    organizationThe MITRE Corporation
descriptionA typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
familywindows
idoval:org.mitre.oval:def:931
statusaccepted
submitted2004-05-12T12:00:00.000-04:00
titleIIS5.0 Script Source Access Vulnerability
version65

References