MS03-018: Cumulative Patch for Internet Information Services (11114)

This script is Copyright (C) 2003-2013 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote web server.

Description :

The remote host is running a version of IIS that contains various flaws
that could allow remote attackers to disable this service remotely and
local attackers (or remote attackers with the ability to upload
arbitrary files on this server) to gain SYSTEM level access on this
host.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms03-018

Solution :

Microsoft has released a set of patches for IIS 4.0, 5.0 and 5.1.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 11683 ()

Bugtraq ID: 7731
7733
7734
7735

CVE ID: CVE-2003-0223
CVE-2003-0224
CVE-2003-0225
CVE-2003-0226