CVE-2002-1180

Published: Nov 12, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

Affected (1)

Products: Microsoft: Internet Information Services

1 product

Internet Information Services

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Information Services	Version 5.0

References (12)

http://www.ciac.org/ciac/bulletins/n-011.shtml

Source: cve@mitre.org

http://www.iss.net/security_center/static/10504.php

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/6068

Source: cve@mitre.org

http://www.securityfocus.com/bid/6071

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931

Source: cve@mitre.org

http://www.ciac.org/ciac/bulletins/n-011.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.iss.net/security_center/static/10504.php

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/6068

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/6071

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.