CVE-2002-0869

4 documents4 sources

Severity

7.5HIGH

EPSS

29.6%

top 3.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedNov 12

Latest updateApr 30

Description

Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server4.0

▶NVDmicrosoft/internet_information_services5.0

Patches

Patch: www.iss.net ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-vcf2-r78h-5vfw: Unknown vulnerability in the hosting process (dllhost↗2022-04-30

▶

CVEList

CVE-2002-0869: Unknown vulnerability in the hosting process (dllhost↗2002-11-02

▶