Vulnerabilities > CVE-2002-1181 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS02-018.NASL |
| description | The remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10943 |
| published | 2002-04-23 |
| reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10943 |
| title | MS02-018: Cumulative Patch for Internet Information Services (327696) |
Oval
accepted 2005-02-16T12:00:00.000-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation
description Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. family windows id oval:org.mitre.oval:def:942 status accepted submitted 2004-05-12T12:00:00.000-04:00 title Windows 2000 IIS Cross-site Scripting Vulnerabilities version 65 accepted 2007-08-02T14:47:16.767-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc.
description Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. family windows id oval:org.mitre.oval:def:944 status accepted submitted 2004-05-12T12:00:00.000-04:00 title Windows NT IIS Cross-site Scripting Vulnerabilities version 28
References
- http://marc.info/?l=bugtraq&m=103651224215736&w=2
- http://www.ciac.org/ciac/bulletins/n-011.shtml
- http://www.iss.net/security_center/static/10501.php
- http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html
- http://www.securityfocus.com/bid/6068
- http://www.securityfocus.com/bid/6072
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A942
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A944