Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A983
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A929
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
http://www.iss.net/security_center/static/10502.php
http://www.ciac.org/ciac/bulletins/n-011.shtml
http://marc.info/?l=bugtraq&m=103642839205574&w=2
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html