Out of Process Privilege Elevation in Microsoft Internet Information Server (IIS)
CVE-2002-0869

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server
Vendor: CVE Published:; 12 November 2002

Summary

A vulnerability exists in the hosting process (dllhost.exe) of Microsoft Internet Information Server (IIS) versions 4.0 through 5.1. This issue allows remote attackers to execute an out of process application which can acquire LocalSystem privileges, thereby potentially compromising system security. Effective measures should be taken to protect affected installations from exploitation, including applying relevant patches and verifying configurations.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt

x_refsource_MISC

EPSS Score

27% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 12, 2002
Vulnerability Reserved
Aug 15, 2002