{"api_version":"1","generated_at":"2026-04-23T02:56:24+00:00","cve":"CVE-2008-0074","urls":{"html":"https://cve.report/CVE-2008-0074","api":"https://cve.report/api/cve/CVE-2008-0074.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-0074","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-0074"},"summary":{"title":"CVE-2008-0074","description":"Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\\Root, or WWWRoot folders.","state":"PUBLISHED","assigner":"microsoft","published_at":"2008-02-12 21:00:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-264","NVD-CWE-noinfo","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.2","severity":"","vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-005","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-005","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS08-005 - Important | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28849","name":"http://secunia.com/advisories/28849","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Internet Information Services Privilege Escalation - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5389","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5389","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019384","name":"http://www.securitytracker.com/id?1019384","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Microsoft Internet Information Services File Change Notification Bug Lets Local Users Gain Elevated Privileges","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/0507/references","name":"http://www.vupen.com/english/advisories/2008/0507/references","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA08-043C.html","name":"http://www.us-cert.gov/cas/techalerts/TA08-043C.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA08-043C -- Microsoft Updates for Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/27101","name":"http://www.securityfocus.com/bid/27101","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://marc.info/?l=bugtraq&m=120361015026386&w=2","name":"http://marc.info/?l=bugtraq&m=120361015026386&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-0074","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0074","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"74","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"internet_information_server","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"74","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"internet_information_server","cpe6":"6.0","cpe7":"beta","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"74","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"internet_information_services","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T07:32:23.909Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"ADV-2008-0507","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0507/references"},{"name":"oval:org.mitre.oval:def:5389","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5389"},{"name":"1019384","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019384"},{"name":"HPSBST02314","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=120361015026386&w=2"},{"name":"27101","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/27101"},{"name":"SSRT080016","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=120361015026386&w=2"},{"name":"TA08-043C","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA08-043C.html"},{"name":"MS08-005","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-005"},{"name":"28849","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28849"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-02-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\\Root, or WWWRoot folders."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"ADV-2008-0507","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0507/references"},{"name":"oval:org.mitre.oval:def:5389","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5389"},{"name":"1019384","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019384"},{"name":"HPSBST02314","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=120361015026386&w=2"},{"name":"27101","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/27101"},{"name":"SSRT080016","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=120361015026386&w=2"},{"name":"TA08-043C","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA08-043C.html"},{"name":"MS08-005","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-005"},{"name":"28849","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28849"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2008-0074","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\\Root, or WWWRoot folders."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2008-0507","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0507/references"},{"name":"oval:org.mitre.oval:def:5389","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5389"},{"name":"1019384","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019384"},{"name":"HPSBST02314","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=120361015026386&w=2"},{"name":"27101","refsource":"BID","url":"http://www.securityfocus.com/bid/27101"},{"name":"SSRT080016","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=120361015026386&w=2"},{"name":"TA08-043C","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA08-043C.html"},{"name":"MS08-005","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-005"},{"name":"28849","refsource":"SECUNIA","url":"http://secunia.com/advisories/28849"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2008-0074","datePublished":"2008-02-12T20:00:00.000Z","dateReserved":"2008-01-03T00:00:00.000Z","dateUpdated":"2024-08-07T07:32:23.909Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-02-12 21:00:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-264","NVD-CWE-noinfo","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"F7C954A7-FF84-4DEB-8728-5B207F374ECC"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*","matchCriteriaId":"E14B55BE-74CB-4929-9380-C948950C9920"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*","matchCriteriaId":"413C07EA-139F-4B7D-A58B-835BD2591FA0"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"74","Ordinal":"1","Title":"CVE-2008-0074","CVE":"CVE-2008-0074","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"74","Ordinal":"1","NoteData":"Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\\Root, or WWWRoot folders.","Type":"Description","Title":"CVE-2008-0074"},{"CveYear":"2008","CveId":"74","Ordinal":"2","NoteData":"2008-02-12","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"74","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}