[原文]IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
A vulnerability exists in Microsoft's Internet Information Services 5.0 which could allow a user with write permission to run any code with System privileges.
Microsoft IIS Relative Path System Privilege Escalation
Local Access Required
Loss of Confidentiality,
Loss of Integrity
Microsoft IIS contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when exploiting the relative path listings in a table that lists the system files. This flaw may lead to a loss of confidentiality and/or integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.