Sign-up

ID

VAR-200211-0070


CVE

CVE-2002-0869


TITLE

Microsoft IIS Privilege acquisition vulnerability in different application processes

Trust: 0.8

sources: JVNDB: JVNDB-2002-000263

DESCRIPTION

Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation.". Microsoft IIS In IIS When running an application as part of a different process than Web What should be executed with the rights of the application manager System There is a design flaw that can be executed with privileges.System An arbitrary code may be executed with authority. A vulnerability has been reported for Microsoft IIS that may allow an attacker to obtain elevated privileges. This vulnerability can be exploited by an attacker to load and execute applications on the vulnerable server with SYSTEM level privileges. This vulnerability can exploited when IIS is configured to run applications out of process by modifying the memory space of the dllhost.exe process. This vulnerability was originally described in BugTraq ID 6068. It is now being assigned its own BugTraq ID

Trust: 1.89

sources: NVD: CVE-2002-0869 // JVNDB: JVNDB-2002-000263 // BID: 6069

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.1

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.1

Trust: 0.6

sources: BID: 6069 // JVNDB: JVNDB-2002-000263 // CNNVD: CNNVD-200211-016 // NVD: CVE-2002-0869

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0869
value: HIGH

Trust: 1.0

NVD: CVE-2002-0869
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200211-016
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2002-0869
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2002-000263 // CNNVD: CNNVD-200211-016 // NVD: CVE-2002-0869

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0869

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200211-016

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200211-016

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2002-000263

PATCH
title:MS02-062url:http://www.microsoft.com/technet/security/bulletin/MS02-062.mspx
Trust: 0.8
title:MS02-062url:http://www.microsoft.com/japan/technet/security/Bulletin/ms02-062.mspx
Trust: 0.8
title:Microsoft IIS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134896
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2002-000263 // 
            
            
            
            CNNVD: CNNVD-200211-016

EXTERNAL IDS
db:NVDid:CVE-2002-0869
Trust: 2.7
db:BIDid:6068
Trust: 0.8
db:JVNDBid:JVNDB-2002-000263
Trust: 0.8
db:CNNVDid:CNNVD-200211-016
Trust: 0.6
db:BIDid:6069
Trust: 0.3
sources:
            
            
            BID: 6069 // 
            
            
            
            JVNDB: JVNDB-2002-000263 // 
            
            
            
            CNNVD: CNNVD-200211-016 // 
            
            
            
            NVD: CVE-2002-0869

REFERENCES
url:http://www.ciac.org/ciac/bulletins/n-011.shtml
Trust: 1.6
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
Trust: 1.6
url:http://www.iss.net/security_center/static/10502.php
Trust: 1.6
url:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html
Trust: 1.6
url:http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
Trust: 1.6
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a930
Trust: 1.6
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a983
Trust: 1.6
url:http://marc.info/?l=bugtraq&m=103642839205574&w=2
Trust: 1.6
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a929
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0869
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0869
Trust: 0.8
url:http://www.securityfocus.com/bid/6068
Trust: 0.8
url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-062.asp
Trust: 0.3
url:/archive/1/298430
Trust: 0.3
sources:
            
            
            BID: 6069 // 
            
            
            
            JVNDB: JVNDB-2002-000263 // 
            
            
            
            CNNVD: CNNVD-200211-016 // 
            
            
            
            NVD: CVE-2002-0869

CREDITS
Discovery of this vulnerability credited to Li0n of A3 Security Consulting Co., Ltd. ( http://www.a3sc.co.kr).
Trust: 0.3
sources:
            
            
            BID: 6069

SOURCES
db:BIDid:6069
db:JVNDBid:JVNDB-2002-000263
db:CNNVDid:CNNVD-200211-016
db:NVDid:CVE-2002-0869

LAST UPDATE DATE
2024-08-14T14:00:54.640000+00:00

SOURCES UPDATE DATE
db:BIDid:6069date:2009-07-11T18:06:00
db:JVNDBid:JVNDB-2002-000263date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200211-016date:2021-08-16T00:00:00
db:NVDid:CVE-2002-0869date:2020-11-23T19:49:27.407

SOURCES RELEASE DATE
db:BIDid:6069date:2002-10-31T00:00:00
db:JVNDBid:JVNDB-2002-000263date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200211-016date:2002-10-31T00:00:00
db:NVDid:CVE-2002-0869date:2002-11-12T05:00:00