Sign-up

ID

VAR-200109-0118


CVE

CVE-2001-0507


TITLE

Microsoft IIS Elevation of Privilege Vulnerability in In-Process Table

Trust: 0.8

sources: JVNDB: JVNDB-2001-000123

DESCRIPTION

IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. Microsoft IIS In Guest As a result, you can elevate from account privileges System With authority Web A vulnerability exists that allows arbitrary code placed in the public directory to be executed.System An arbitrary code may be executed with privileges

Trust: 1.98

sources: NVD: CVE-2001-0507 // JVNDB: JVNDB-2001-000123 // BID: 3193 // VULMON: CVE-2001-0507

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.8

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:windows server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professionalscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp6ascope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp6scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp5scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp4scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp3scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp2scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp1scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstationscope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp6scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp5scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp4scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp3scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp2scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp1scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal serverscope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp6ascope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp6scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp5scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp4scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp3scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp2scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp1scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt serverscope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp6ascope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp6scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp5scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp4scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp3scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp2scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp1scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise serverscope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows server sp3scope:neversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp3scope:neversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp3scope:neversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp3scope:neversion:2000

Trust: 0.3

sources: BID: 3193 // JVNDB: JVNDB-2001-000123 // CNNVD: CNNVD-200109-062 // NVD: CVE-2001-0507

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0507
value: HIGH

Trust: 1.0

NVD: CVE-2001-0507
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200109-062
value: HIGH

Trust: 0.6

VULMON: CVE-2001-0507
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-0507
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2001-0507 // JVNDB: JVNDB-2001-000123 // CNNVD: CNNVD-200109-062 // NVD: CVE-2001-0507

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0507

THREAT TYPE

local

Trust: 0.9

sources: BID: 3193 // CNNVD: CNNVD-200109-062

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200109-062

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2001-000123

EXPLOIT AVAILABILITY
sources:
            
            
            VULMON: CVE-2001-0507

PATCH
title:MS01-044url:http://www.microsoft.com/technet/security/bulletin/MS01-044.mspx
Trust: 0.8
title:MS01-044url:http://www.microsoft.com/japan/technet/security/bulletin/MS01-044.mspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2001-000123

EXTERNAL IDS
db:NVDid:CVE-2001-0507
Trust: 2.5
db:OSVDBid:5607
Trust: 1.7
db:BIDid:3193
Trust: 1.1
db:JVNDBid:JVNDB-2001-000123
Trust: 0.8
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:909
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:912
Trust: 0.6
db:CIACid:L-132
Trust: 0.6
db:XFid:6985
Trust: 0.6
db:BUGTRAQid:20010816 ENTERCEPT SECURITY ALERT: PRIVILEGE ESCALATION VULNERABILITY IN MICROSOFT IIS
Trust: 0.6
db:MSid:MS01-044
Trust: 0.6
db:CNNVDid:CNNVD-200109-062
Trust: 0.6
db:EXPLOIT-DBid:21072
Trust: 0.1
db:VULMONid:CVE-2001-0507
Trust: 0.1
sources:
            
            
            VULMON: CVE-2001-0507 // 
            
            
            
            BID: 3193 // 
            
            
            
            JVNDB: JVNDB-2001-000123 // 
            
            
            
            CNNVD: CNNVD-200109-062 // 
            
            
            
            NVD: CVE-2001-0507

REFERENCES
url:http://online.securityfocus.com/archive/1/205069
Trust: 1.7
url:http://www.ciac.org/ciac/bulletins/l-132.shtml
Trust: 1.7
url:http://www.osvdb.org/5607
Trust: 1.7
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a912
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a909
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6985
Trust: 1.1
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
Trust: 1.1
url:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0507
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0507
Trust: 0.8
url:http://www.securityfocus.com/bid/3193
Trust: 0.8
url:http://xforce.iss.net/static/6985.php
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:912
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:909
Trust: 0.6
url:http://www.microsoft.com/technet/security
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/21072/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2001-0507 // 
            
            
            
            BID: 3193 // 
            
            
            
            JVNDB: JVNDB-2001-000123 // 
            
            
            
            CNNVD: CNNVD-200109-062 // 
            
            
            
            NVD: CVE-2001-0507

CREDITS
This vulnerability was reported by Entercept Security.
Trust: 0.3
sources:
            
            
            BID: 3193

SOURCES
db:VULMONid:CVE-2001-0507
db:BIDid:3193
db:JVNDBid:JVNDB-2001-000123
db:CNNVDid:CNNVD-200109-062
db:NVDid:CVE-2001-0507

LAST UPDATE DATE
2024-08-14T12:25:43.405000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2001-0507date:2018-10-30T00:00:00
db:BIDid:3193date:2001-08-15T00:00:00
db:JVNDBid:JVNDB-2001-000123date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200109-062date:2005-10-12T00:00:00
db:NVDid:CVE-2001-0507date:2018-10-30T16:25:10.357

SOURCES RELEASE DATE
db:VULMONid:CVE-2001-0507date:2001-09-20T00:00:00
db:BIDid:3193date:2001-08-15T00:00:00
db:JVNDBid:JVNDB-2001-000123date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200109-062date:2001-09-20T00:00:00
db:NVDid:CVE-2001-0507date:2001-09-20T04:00:00