Category:   Application (Web Server/CGI)  >   Microsoft Internet Information Server (IIS) Web Server
Vendors:   Microsoft
Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1006866
SecurityTracker URL:  http://securitytracker.com/id/1006866
CVE Reference:   CVE-2003-0227
Updated:  Jun 2 2003
Original Entry Date:  May 28 2003
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.0, 5.0
Description:   A buffer overflow vulnerability was reported in the Internet Information Server (IIS) ISAPI extension for Windows Media Services. A remote user can cause IIS to stop responding to requests. A remote user can execute arbitrary code.

Windows Media Services includes a component (nsiislog.dll) to facilitate logging of streaming media player clients, including logging of multicast and unicast transmissions. The 'nsiislog.dll' component does not properly process user-supplied requests for streaming media. A remote user can send a specially crafted request to an IIS server that is performing streaming media logging functions to cause IIS to stop responding.

Windows Media Services is not installed by default, the report said.

To determine if your computer is configured to perform multicast streaming media logging, the vendor states that you should perform the following steps:

1. From the Start Menu, click Search.
2. Click For Files or Folders.
3. In the search dialog, type in the file name, NSIISLOG.DLL.
4. Click Search Now.

If you see the 'NSIISLOG.DLL' file in any directory shared by IIS, then you are affected.
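
The same check can be scripted when several servers or offline copies of their disks have to be reviewed. The following is an added example, not part of the vendor's procedure or the original advisory; the list of IIS-shared directories is assumed to be supplied by the administrator, and the directory names in the sample tree are constructed.

```python
import os
import tempfile

TARGET = "nsiislog.dll"  # component named in the advisory


def find_component(shared_roots, target=TARGET):
    """Search each IIS-shared directory tree for the component.

    Returns (hits, skipped): hits are matching file paths, skipped are roots
    or subdirectories that could not be read and need a manual look.
    """
    hits, skipped = [], []
    for root in shared_roots:
        if not os.path.isdir(root):
            skipped.append(root)
            continue
        walker = os.walk(root, onerror=lambda err: skipped.append(err.filename))
        for dirpath, _dirs, files in walker:
            # Windows file names are case-insensitive, so compare lowercased;
            # this also works on a backup mounted on a case-sensitive system.
            hits += [os.path.join(dirpath, f) for f in files
                     if f.lower() == target.lower()]
    return sorted(hits), skipped


def build_sample_tree():
    """Constructed directory layout for the demo (all names are made up)."""
    base = tempfile.mkdtemp(prefix="iis_check_")
    layout = [
        ("Inetpub/wwwroot", "default.htm"),
        ("Inetpub/scripts", "NSIISLOG.DLL"),   # inside a shared directory
        ("NotShared/backup", "nsiislog.dll"),  # outside every shared root
    ]
    for folder, name in layout:
        path = os.path.join(base, *folder.split("/"))
        os.makedirs(path, exist_ok=True)
        open(os.path.join(path, name), "wb").close()
    return base


if __name__ == "__main__":
    base = build_sample_tree()
    roots = [os.path.join(base, "Inetpub"), os.path.join(base, "VirtualDir")]
    hits, skipped = find_component(roots)
    for path in hits:
        print("AFFECTED: component present in shared directory:", path)
    for path in skipped:
        print("could not read, check by hand:", path)
```

A copy of the file outside every directory shared by IIS is not reported, which matches the vendor's criterion above.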

Microsoft has assigned a maximum Severity Rating of 'Important' to this vulnerability.

Microsoft credits Brett Moore for reporting this flaw.

Impact:   A remote user can cause the IIS service to stop responding to requests. A remote user can cause arbitrary code to be executed by IIS.
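
On a server where the component is present, the IIS access logs show which clients have been sending requests to it. The following is an added example, not part of the original advisory; it assumes W3C extended logging with the `c-ip`, `cs-method`, `cs-uri-stem` and `sc-status` fields enabled, and the log lines, addresses and virtual directory name are constructed. Media player clients also send requests to the logging component, so the output is a list to triage, not a list of attacks.

```python
from collections import defaultdict

TARGET = "nsiislog.dll"  # component named in the advisory

# Constructed sample in W3C extended log format; addresses are from
# documentation ranges and /example-vdir/ is a placeholder virtual directory.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-05-29 10:00:01 192.0.2.10 GET /default.htm 200
2003-05-29 10:00:05 192.0.2.20 POST /example-vdir/nsiislog.dll 200
2003-05-29 10:00:09 198.51.100.7 POST /example-vdir/NSIISLOG.DLL 500
2003-05-29 10:00:10 198.51.100.7 GET /example-vdir/nsiislog.dll 200
2003-05-29 10:00:11 198.51.100.7 POST /example-vdir/nsiislog.dll
"""


def requests_to_component(lines, target=TARGET):
    """Summarise, per client address, the requests whose URI stem names target."""
    fields = []
    summary = defaultdict(lambda: {"count": 0, "methods": set(), "statuses": set()})
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order can change mid-file
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                       # truncated or malformed entry
        rec = dict(zip(fields, values))
        leaf = rec.get("cs-uri-stem", "").rsplit("/", 1)[-1]
        if leaf.lower() != target.lower():
            continue
        entry = summary[rec.get("c-ip", "-")]
        entry["count"] += 1
        entry["methods"].add(rec.get("cs-method", "-"))
        entry["statuses"].add(rec.get("sc-status", "-"))
    return dict(summary)


if __name__ == "__main__":
    for client, info in sorted(requests_to_component(SAMPLE_LOG.splitlines()).items()):
        print(client, info["count"], sorted(info["methods"]), sorted(info["statuses"]))
```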
Solution:   The vendor has released the following patches:

Microsoft Windows NT 4.0:

http://microsoft.com/downloads/details.aspx?FamilyId=8D7E3716-1AA7-4EDC-B084-7D50C8D3C2AB&displaylang=en

Microsoft Windows 2000:

http://microsoft.com/downloads/details.aspx?FamilyId=9EFA4EBD-2068-4742-917D-A2638688C029&displaylang=en

Microsoft reports that the Windows NT 4.0 patch can be installed on NT 4.0 SP6a and the Windows 2000 patch can be installed on Windows 2000 SP2 or SP3. The vendor plans to include this fix in Windows 2000 SP4.

According to the bulletin, a reboot is not required after installation of the patch.

Microsoft plans to issue Knowledge Base article 817772 regarding this issue, to be available shortly at:

http://support.microsoft.com/?scid=fh;en-us;kbhowto

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS03-019.asp
Cause:   Boundary error
Underlying OS:  Windows (NT), Windows (2000)
Underlying OS Comments:  NT 4.0, 2000

Message History:   None.


 Source Message Contents

Subject:  MS03-019


http://www.microsoft.com/technet/security/bulletin/MS03-019.asp

Flaw in ISAPI Extension for Windows Media Services Could Cause Denial of Service (817772)

Microsoft issued security bulletin MS03-019, warning of a flaw in the Internet Information 
Server (IIS) ISAPI extension for Windows Media Services.

Maximum Severity Rating: Moderate

Windows Media Services includes a component (nsiislog.dll) to facilitate logging of 
streaming media player clients, including logging of multicast and unicast transmissions. 
The 'nsiislog.dll' component does not properly process user-supplied requests for 
streaming media.  A remote user can send a specially crafted request to an IIS server that 
is performing streaming media logging functions to cause IIS to stop responding.

Windows Media Services is not installed by default, the report said.

The affected DLL can be installed on IIS 4.0 and 5.0.

According to the report, Windows XP and 2003 are not affected.

To determine if your computer is configured to perform multicast streaming media logging, 
the vendor states that you should perform the following steps:


If you see the 'NSIISLOG.DLL' file in any directory shared by IIS, then you are affected.

Microsoft credits Brett Moore for reporting this flaw.

CVE: CAN-2003-0227

The vendor has released the following patches:

Microsoft Windows NT 4.0:

http://microsoft.com/downloads/details.aspx?FamilyId=8D7E3716-1AA7-4EDC-B084-7D50C8D3C2AB&displaylang=en 


Microsoft Windows 2000:

http://microsoft.com/downloads/details.aspx?FamilyId=9EFA4EBD-2068-4742-917D-A2638688C029&displaylang=en 


Microsoft reports that the Windows NT 4.0 patch can be installed on NT 4.0 SP6a and the 
Windows 2000 patch can be installed on Windows 2000 SP2 or SP3.  The vendor plans to 
include this fix in Windows 2000 SP4.

According to the bulletin, a reboot is not required after installation of the patch.

Microsoft plans to issue Knowledge Base article 817772 regarding this issue, to be 
available shortly at:

http://support.microsoft.com/?scid=fh;en-us;kbhowto




 
 



Copyright 2019, SecurityGlobal.net LLC