Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
| win-isapi-nsiislog-bo (12092) |  High Risk |
Description:
Multiple Microsoft Windows Server products are vulnerable to a buffer overflow in the ISAPI (Internet Services Application Programming Interface) nsiislog.dll extension of the Internet Information Services (IIS) Scripts directory. The IIS ISAPI nsiislog.dll extension, which is not installed by default, provides the multicast and unicast transmission logging capability within Microsoft Windows Media Services. If the server is configured for Windows Media Services, a remote attacker could send a specially-crafted request to the server to overflow a buffer and cause IIS to stop responding to legitimate Web requests and execute arbitrary code on the system.
Note: Microsoft Windows Media Services must be downloaded to install on Windows NT and is not installed by default on Windows 2000.
Platforms Affected:
- Microsoft, Windows 2000 Advanced Server
- Microsoft, Windows 2000 Datacenter Server
- Microsoft, Windows 2000
- Microsoft, Windows 2000 Server
- Microsoft, Windows NT 4.0 Server
- Microsoft, Windows NT 4.0
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS03-022. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS03-019, but it was superseded by the patch released with MS03-022.
Consequences:
Gain Access
References:
- BugTraq Mailing List, Fri May 30 2003 - 19:27:41 CDT, Windows Media Services Remote Command Execution at http://archives.neohapsis.com/archives/bugtraq/2003-05/0336.html.
- BugTraq Mailing List, Wed May 28 2003 - 18:55:02 CDT, RE: Alert: MS03-019, Microsoft... wrong, again. at http://archives.neohapsis.com/archives/bugtraq/2003-05/0329.html.
- CIAC Information Bulletin N-100, Microsoft Windows Media Services ISAPI Extenstion Flaw at http://www.ciac.org/ciac/bulletins/n-100.shtml.
- Microsoft Security Bulletin MS03-019, Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (817772) at http://www.microsoft.com/technet/security/bulletin/ms03-019.mspx.
- Microsoft Security Bulletin MS03-022, Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343) at http://www.microsoft.com/technet/security/bulletin/ms03-022.mspx.
- BID-7727: Microsoft Windows Media Services Logging ISAPI Buffer Overflow Vulnerability
- CVE-2003-0227: The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
Reported:
May 28, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net