Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0507

5 documents5 sources

Severity

7.2HIGH

EPSS

2.2%

top 15.72%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Services

Timeline

PublishedSep 20

Latest updateApr 30

Description

IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_information_services5.0

🔴Vulnerability Details

GHSA

GHSA-p9gc-mhgg-w6vh: IIS 5↗2022-04-30

▶

CVEList

CVE-2001-0507: IIS 5↗2002-03-09

▶

VulnCheck

Microsoft IIS 5.0 System file listing Privilege Escalation↗2001

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 5.0 - In-Process Table Privilege Escalation↗2001-08-15

▶