• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft IIS Out Of Process Privilege Escalation Vulnerability

A vulnerability has been reported for Microsoft IIS that may allow an attacker to obtain elevated privileges. This vulnerability can be exploited by an attacker to load and execute applications on the vulnerable server with SYSTEM level privileges. This vulnerability can exploited when IIS is configured to run applications out of process by modifying the memory space of the dllhost.exe process.

This vulnerability was originally described in BugTraq ID 6068. It is now being assigned its own BugTraq ID.