SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Microsoft Internet Information Server (IIS) Web Server
Vendors:   Microsoft
Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Has Another Buffer Overflow That Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1007059
SecurityTracker URL:  http://securitytracker.com/id/1007059
CVE Reference:   CVE-2003-0349
Updated:  Jun 14 2008
Original Entry Date:  Jun 25 2003
Impact:   Denial of service via network, Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.0
Description:   A buffer overflow vulnerability was reported in an Internet Information Server (IIS) ISAPI extension for Windows Media Services on Windows 2000. A remote user can execute arbitrary code.

Windows Media Services includes a component (nsiislog.dll) to facilitate logging of streaming media player clients, including logging of multicast and unicast transmissions. The 'nsiislog.dll' component does not properly process user-supplied requests for streaming media. A remote user can send a specially crafted HTTP request to an IIS server that is performing streaming media logging functions to cause IIS to execute arbitrary code. The code will be executed with the privileges of the IIS server.

This is a new vulnerability [or at least a new patch] that is different from the vulnerability [or patch] that was announced in MS03-019 on May 28, 2003.

Windows Media Services is not installed by default and is also not available on Windows 2000 Professional, the report said.

The affected 'nsiislog.dll' file can reportedly be installed on IIS 5.0, so version 5.0 of IIS is potentially vulnerable.

To determine if your computer is configured to perform multicast streaming media logging, the vendor states that you should perform the following steps:

1. From the Start Menu, click Search.
2. Click For Files or Folders.
3. In the search dialog, type in the file name, NSIISLOG.DLL.
4. Click Search Now.

If you see the 'NSIISLOG.DLL' file in any directory shared by IIS, then you are affected.
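
The vendor's check above, automated as an added example (not part of the original advisory or any vendor tooling): it sweeps the given roots for the file, case-insensitively, and marks a copy as affected only when it lies under a directory that IIS shares. The function names and sample paths are assumptions, and the list of IIS-shared directories must be supplied by the administrator.

```python
import os
from pathlib import Path

TARGET = "nsiislog.dll"  # file name from the advisory; matched case-insensitively


def _is_within(path: Path, parent: Path) -> bool:
    """True if path is parent or lies beneath it (symlinks resolved first)."""
    try:
        path.resolve().relative_to(parent.resolve())
        return True
    except ValueError:
        return False


def find_nsiislog(search_roots, iis_shared_dirs):
    """Return a sorted list of (path, exposed) for each copy of the DLL found.

    exposed is True when the copy sits inside one of iis_shared_dirs, which
    is the condition the advisory gives for "you are affected".
    """
    shared = [Path(d) for d in iis_shared_dirs]
    findings = []
    for root in search_roots:
        # os.walk silently skips directories it cannot read, so one
        # permission error does not abort the sweep.
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() == TARGET:
                    hit = Path(dirpath) / name
                    exposed = any(_is_within(hit, s) for s in shared)
                    findings.append((str(hit), exposed))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample paths (assumptions): replace them with the drives
    # and the IIS-shared directories configured on the host being checked.
    for path, exposed in find_nsiislog(["C:/"], ["C:/Inetpub"]):
        print(("AFFECTED  " if exposed else "present   ") + path)
```

A copy reported as "present" but not exposed still deserves the patch, since it becomes reachable as soon as its directory is shared through IIS.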

Microsoft has assigned a maximum Severity Rating of 'Important' to this vulnerability.

Microsoft credits Brett Moore with reporting this flaw.

Impact:   A remote user can cause arbitrary code to be executed by IIS.
Solution:   The vendor has issued the following patch for Microsoft Windows 2000:

http://microsoft.com/downloads/details.aspx?FamilyId=F772E131-BBC9-4B34-9E78-F71D9742FED8&displaylang=en

This patch can reportedly be installed on Microsoft Windows 2000 SP2, SP3, and SP4.

The vendor plans to include the fix in Windows 2000 SP5.

A reboot is not required after installing this patch.

This patch supersedes the patch issued in Security Bulletin MS03-019.

Microsoft plans to issue Knowledge Base article 822343 regarding this issue, to be available shortly at:

http://support.microsoft.com/default.aspx?scid=kb;en-us;822343

Vendor URL:  www.microsoft.com/technet//security/bulletin/MS03-022.asp
Cause:   Boundary error
Underlying OS:  Windows (2000)
Underlying OS Comments:  Windows 2000

Message History:   None.


 Source Message Contents

Subject:  MS03-022 Flaw in ISAPI Extension for Windows Media Services Could


http://www.microsoft.com/technet//security/bulletin/MS03-022.asp

OS:  Windows 2000

IIS:  5.0

Maximum Severity Rating: Important

CVE:  CAN-2003-0349

Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343)

Microsoft issued Security Bulletin MS03-022 warning of a flaw in an ISAPI extension in 
Windows Media Services on Windows 2000.  A remote user can execute arbitrary code.

A buffer overflow vulnerability was reported in the Internet Information Server (IIS) 
ISAPI extension for Windows Media Services on Windows 2000. A remote user can execute 
arbitrary code.

Windows Media Services includes a component (nsiislog.dll) to facilitate logging of 
streaming media player clients, including logging of multicast and unicast transmissions. 
The 'nsiislog.dll' component does not properly process user-supplied requests for 
streaming media. A remote user can send a specially crafted HTTP request to an IIS server 
that is performing streaming media logging functions to cause IIS to execute arbitrary 
code.  The code will be executed with the privileges of the IIS server.

This is a new vulnerability that supersedes a similar flaw that was reported in MS03-019 
on May 28, 2003.

Windows Media Services is not installed by default and is also not available on Windows 
2000 Professional, the report said.

The affected 'nsiislog.dll' file can reportedly be installed on IIS 5.0, so version 5.0 of 
IIS is potentially vulnerable.

To determine if your computer is configured to perform multicast streaming media logging, 
the vendor states that you should perform the following steps:

1. From the Start Menu, click Search.
2. Click For Files or Folders.
3. In the search dialog, type in the file name, NSIISLOG.DLL.
4. Click Search Now.

If you see the 'NSIISLOG.DLL' file in any directory shared by IIS, then you are affected.

Microsoft has assigned a maximum Severity Rating of 'Important' to this vulnerability.

Microsoft credits Brett Moore with reporting this flaw.



The vendor has issued the following patch for Microsoft Windows 2000:

http://microsoft.com/downloads/details.aspx?FamilyId=F772E131-BBC9-4B34-9E78-F71D9742FED8&displaylang=en 


This patch can reportedly be installed on Microsoft Windows 2000 SP2, SP3, and SP4.

The vendor plans to include the fix in Windows 2000 SP5.

A reboot is not required after installing this patch.

This patch supersedes the patch addressed in Security Bulletin MS03-019.

Microsoft plans to issue Knowledge Base article 822343 regarding this issue, to be 
available shortly at:

http://support.microsoft.com/default.aspx?scid=kb;en-us;822343



 
 



Copyright 2019, SecurityGlobal.net LLC