CVE-2002-1180

CVE Database · CVE-2002-1180

CVE-2002-1180

· N/AModified

CVSS v3.1

N/A

EPSS

8.63%

Published

Nov 12, 2002

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

Affected Products (1)

microsoft · internet_information_servicesvulnerable

References (12)

http://www.ciac.org/ciac/bulletins/n-011.shtml

http://www.iss.net/security_center/static/10504.php

PatchVendor Advisory

http://www.securityfocus.com/bid/6068

http://www.securityfocus.com/bid/6071

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931

http://www.ciac.org/ciac/bulletins/n-011.shtml

http://www.iss.net/security_center/static/10504.php

PatchVendor Advisory

http://www.securityfocus.com/bid/6068

KEV Catalog EPSS Scores Vendors All CVEs