CVE-2002-0869

critical

Description

Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A983

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A930

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A929

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062

http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt

http://www.iss.net/security_center/static/10502.php

http://www.ciac.org/ciac/bulletins/n-011.shtml

http://marc.info/?l=bugtraq&m=103642839205574&w=2

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html

Details

Source: Mitre, NVD

Published: 2002-11-12

Updated: 2020-11-23

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical