CVE-2002-1181

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Server (IIS) versions 4.0 through 5.1

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages. These vulnerabilities allow remote attackers to execute HTML script as other users. The attack vectors include a certain ASP file in the IISHELP virtual directory.

Recommendations: For Microsoft Internet Information Server (IIS) versions 4.0 through 5.1, consider restricting access to the IISHELP virtual directory as a temporary workaround until a patch is available. Avoid using potentially vulnerable ASP files in this directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.