Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability

Bugtraq ID: 27101
Class: Design Error
CVE: CVE-2008-0074
Remote: No
Local: Yes
Published: Feb 12 2008 12:00AM
Updated: Mar 25 2008 06:00PM
Credit: The vendor reported this issue.
Vulnerable: Nortel Networks Centrex IP Client Manager 9.0
Nortel Networks Centrex IP Client Manager 10.0
Microsoft IIS 7.0
Microsoft IIS 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
 + Microsoft Windows Server 2003 Datacenter Edition Itanium 0
 + Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
 + Microsoft Windows Server 2003 Enterprise Edition Itanium 0
 + Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
Microsoft IIS 5.1
- Microsoft Windows 2000 Advanced Server SP2
 - Microsoft Windows 2000 Advanced Server SP1
 - Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
 - Microsoft Windows 2000 Datacenter Server SP1
 - Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
 - Microsoft Windows 2000 Server SP1
 - Microsoft Windows 2000 Server
+ Microsoft Windows XP 64-bit Edition SP1
 + Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP Home SP1
 - Microsoft Windows XP Home SP1
 - Microsoft Windows XP Home
- Microsoft Windows XP Home
+ Microsoft Windows XP Professional SP1
 + Microsoft Windows XP Professional SP1
 + Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
 - Microsoft Windows 2000 Advanced Server SP2
 - Microsoft Windows 2000 Advanced Server SP1
 - Microsoft Windows 2000 Advanced Server SP1
 + Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
 - Microsoft Windows 2000 Datacenter Server SP2
 - Microsoft Windows 2000 Datacenter Server SP1
 - Microsoft Windows 2000 Datacenter Server SP1
 - Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional SP1
 + Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
 - Microsoft Windows 2000 Server SP2
 - Microsoft Windows 2000 Server SP1
 - Microsoft Windows 2000 Server SP1
 + Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server
HP Storage Management Appliance 2.1
+ HP Storage Management Appliance III
 + HP Storage Management Appliance II
 + HP Storage Management Appliance I
 Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server MM 1.1
Avaya Messaging Application Server 0
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus