Vulnerabilities > CVE-2002-1180 - Unspecified vulnerability in Microsoft Internet Information Services 5.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
nessus
NVD
Published: 2002-11-12
Updated: 2018-10-30

Summary

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS02-018.NASL
descriptionThe remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.
last seen2020-06-01
modified2020-06-02
plugin id10943
published2002-04-23
reporterThis script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10943
titleMS02-018: Cumulative Patch for Internet Information Services (327696)

Oval

accepted2005-02-16T12:00:00.000-04:00
classvulnerability
contributors
  • nameChristine Walzer
    organizationThe MITRE Corporation
  • nameChristine Walzer
    organizationThe MITRE Corporation
descriptionA typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
familywindows
idoval:org.mitre.oval:def:931
statusaccepted
submitted2004-05-12T12:00:00.000-04:00
titleIIS5.0 Script Source Access Vulnerability
version65

References