Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Has Another Buffer Overflow That Lets Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1007059 |
SecurityTracker URL: http://securitytracker.com/id/1007059
|
CVE Reference:
CVE-2003-0349
|
Updated: Jun 14 2008
|
Original Entry Date: Jun 25 2003
|
Impact:
Denial of service via network, Execution of arbitrary code via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 5.0
|
Description:
A buffer overflow vulnerability was reported in an Internet Information Server (IIS) ISAPI extension for Windows Media Services on Windows 2000. A remote user can execute arbitrary code.
Windows Media Services includes a component (nsiislog.dll) to facilitate logging of streaming media player clients, including logging of multicast and unicast transmissions. The 'nsiislog.dll' component does not properly process user-supplied requests for streaming media. A remote user can send a specially crafted HTTP request to an IIS server that is performing streaming media logging functions to cause IIS to execute arbitrary code. The code will be executed with the privileges of the IIS server.
This is a new vulnerability [or at least a new patch] that is different from the vulnerability [or patch] that was announced in MS03-019 on May 28, 2003.
Windows Media Services is not installed by default and is also not available on Windows 2000 Professional, the report said.
The affected 'nsiislog.dll' file can reportedly be installed on IIS 5.0, so version 5.0 of IIS is potentially vulnerable.
To determine if your computer is configured to perform multicast streaming media logging, the vendor states that you should perform the following steps:
1. From the Start menu, click Search.
2. Click For Files or Folders.
3. In the search dialog, type in the file name, NSIISLOG.DLL.
4. Click Search Now.
If you see the 'NSIISLOG.DLL' file in any directory shared by IIS, then you are affected.
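The vendor's check can be scripted across a server's drives. The following is an added example, not part of the advisory or any vendor tooling: it matches the file name case-insensitively and marks a copy as affected only when it lies in or below a directory listed as IIS-shared. The function names and sample paths are assumptions, and the list of IIS-shared directories must be supplied by the operator from the server's IIS configuration.

```python
import os

TARGET = "nsiislog.dll"  # file name from the advisory; matched case-insensitively


def _norm(path):
    """Canonical form for comparisons (resolves links, folds case on Windows)."""
    return os.path.normcase(os.path.realpath(path))


def is_under(path, root):
    """True when path is root itself or lies below it."""
    path, root = _norm(path), _norm(root)
    try:
        return os.path.commonpath([path, root]) == root
    except ValueError:  # e.g. different drives on Windows
        return False


def find_nsiislog(search_roots, iis_shared_dirs):
    """Walk search_roots and return sorted (file_path, exposed) tuples.

    exposed is True when the copy sits in, or below, a directory that IIS
    serves. iis_shared_dirs is supplied by the operator (assumption: taken
    from the site's IIS configuration), not discovered by this script.
    """
    hits = []
    for root in search_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() == TARGET:
                    full = os.path.join(dirpath, name)
                    exposed = any(is_under(full, d) for d in iis_shared_dirs)
                    hits.append((full, exposed))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample paths; replace with the server's drives and the
    # directories its IIS sites and virtual directories actually map to.
    roots = ["C:\\"]
    shared = ["C:\\Inetpub\\scripts", "C:\\Inetpub\\wwwroot"]
    for path, exposed in find_nsiislog(roots, shared):
        print(("AFFECTED  " if exposed else "present   ") + path)
```

A copy reported as "present" sits outside the listed directories; confirm the list covers every virtual directory before treating the server as unaffected.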
Microsoft has assigned a maximum Severity Rating of 'Important' to this vulnerability.
Microsoft credits Brett Moore with reporting this flaw.
|
Impact:
A remote user can cause arbitrary code to be executed by IIS.
|
Solution:
The vendor has issued the following patch for Microsoft Windows 2000:
http://microsoft.com/downloads/details.aspx?FamilyId=F772E131-BBC9-4B34-9E78-F71D9742FED8&displaylang=en
This patch can reportedly be installed on Microsoft Windows 2000 SP2, SP3, and SP4.
The vendor plans to include the fix in Windows 2000 SP5.
A reboot is not required after installing this patch.
This patch supersedes the patch addressed in Security Bulletin MS03-019.
Microsoft plans to issue Knowledge Base article 822343 regarding this issue, to be available shortly at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;822343
|
Vendor URL: www.microsoft.com/technet//security/bulletin/MS03-022.asp
|
Cause:
Boundary error
|
Underlying OS: Windows (2000)
|
Underlying OS Comments: Windows 2000
|
|
Message History:
None.
|
Source Message Contents
|
Subject: MS03-022 Flaw in ISAPI Extension for Windows Media Services Could
|
http://www.microsoft.com/technet//security/bulletin/MS03-022.asp
OS: Windows 2000
IIS: 5.0
Maximum Severity Rating: Important
CVE: CAN-2003-0349
Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343)
Microsoft issued Security Bulletin MS03-022 warning of a flaw in an ISAPI extension in
Windows Media Services on Windows 2000. A remote user can execute arbitrary code.
A buffer overflow vulnerability was reported in the Internet Information Server (IIS)
ISAPI extension for Windows Media Services on Windows 2000. A remote user can execute
arbitrary code.
Windows Media Services includes a component (nsiislog.dll) to facilitate logging of
streaming media player clients, including logging of multicast and unicast transmissions.
The 'nsiislog.dll' component does not properly process user-supplied requests for
streaming media. A remote user can send a specially crafted HTTP request to an IIS server
that is performing streaming media logging functions to cause IIS to execute arbitrary
code. The code will be executed with the privileges of the IIS server.
This is a new vulnerability that supersedes a similar flaw that was reported in MS03-019
on May 28, 2003.
Windows Media Services is not installed by default and is also not available on Windows
2000 Professional, the report said.
The affected 'nsiislog.dll' file can reportedly be installed on IIS 5.0, so version 5.0 of
IIS is potentially vulnerable.
To determine if your computer is configured to perform multicast streaming media logging,
the vendor states that you should perform the following steps:
1. From the Start menu, click Search.
2. Click For Files or Folders.
3. In the search dialog, type in the file name, NSIISLOG.DLL.
4. Click Search Now.
If you see the 'NSIISLOG.DLL' file in any directory shared by IIS, then you are affected.
Microsoft has assigned a maximum Severity Rating of 'Important' to this vulnerability.
Microsoft credits Brett Moore with reporting this flaw.
The vendor has issued the following patch for Microsoft Windows 2000:
http://microsoft.com/downloads/details.aspx?FamilyId=F772E131-BBC9-4B34-9E78-F71D9742FED8&displaylang=en
This patch can reportedly be installed on Microsoft Windows 2000 SP2, SP3, and SP4.
The vendor plans to include the fix in Windows 2000 SP5.
A reboot is not required after installing this patch.
This patch supersedes the patch addressed in Security Bulletin MS03-019.
Microsoft plans to issue Knowledge Base article 822343 regarding this issue, to be
available shortly at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;822343
|
|