Microsoft Internet Information Services File Change Notification Bug Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1019384
SecurityTracker URL: http://securitytracker.com/id/1019384
CVE Reference: CVE-2008-0074
Date: Feb 12 2008
Impact: Root access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.0, 5.1, 6.0, 7.0
Description:
A vulnerability was reported in Microsoft Internet Information Services. A local user can obtain system-level privileges on the target system.
A local user with privileges to create or modify files in the FTPRoot, NNTPFile\Root, or WWWRoot directories can cause the web service to execute arbitrary code on the target system with system privileges.
Impact:
A local user can obtain system privileges on the target system.
Solution:
Microsoft has issued fixes for IIS 5.0, 5.1, 6.0, and 7.0.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-005.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-005.mspx
Cause: Access control error
Underlying OS: Windows (2000), Windows (2003), Windows (Vista), Windows (XP)
Message History: None.
Source Message Contents
Date: Tue, 12 Feb 2008 14:54:03 -0500
Subject: Microsoft Security Bulletin MS08-005 Important: Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
http://www.microsoft.com/technet/security/bulletin/ms08-005.mspx
CVE-2008-0074