CVE-2002-0869

Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."

Published: Nov 12, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0869
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_information_services	5.0	5.0.x
microsoft / internet_information_server	4.0	4.0.x

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html
http://marc.info/?l=bugtraq&m=103642839205574&w=2
http://www.ciac.org/ciac/bulletins/n-011.shtml
http://www.iss.net/security_center/static/10502.php
http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A929
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A983

Vulnerability Database

289,599

CVE-2002-0869