ID CVE-2008-0074
Summary Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_information_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-07-2019 - 17:25)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-11-14T04:00:29.721-05:00
class vulnerability
contributors
  • name Jeff Ito
    organization Secure Elements, Inc.
  • name Chandan S
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft IIS 5.0 is installed
    oval oval:org.mitre.oval:def:731
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft IIS 5.1 is installed
    oval oval:org.mitre.oval:def:460
  • comment Microsoft IIS 6.0 is installed
    oval oval:org.mitre.oval:def:227
  • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
    oval oval:org.mitre.oval:def:720
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft IIS 7.0 is installed
    oval oval:org.mitre.oval:def:5377
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
description Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
family windows
id oval:org.mitre.oval:def:5389
status accepted
submitted 2008-02-14T10:00:19
title Internet Information Services Local Privilege Elevation Vulnerability
version 35
refmap via4
bid 27101
cert TA08-043C
hp
  • HPSBST02314
  • SSRT080016
ms MS08-005
sectrack 1019384
secunia 28849
vupen ADV-2008-0507
Last major update 03-07-2019 - 17:25
Published 12-02-2008 - 21:00
Back to Top