Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1006866
CVE Reference: CAN-2003-0227
Updated: Jun 2 2003
Original Entry Date: May 28 2003
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 4.0, 5.0

Description: A buffer overflow vulnerability was reported in the Internet Information Server (IIS) ISAPI extension for Windows Media Services. A remote user can cause IIS to stop responding to requests. A remote user can execute arbitrary code.
Windows Media Services includes a component (nsiislog.dll) to facilitate logging of streaming media player client, including logging of multicast and unicast transmissions. The 'nsiislog.dll' component does not properly process user-supplied requests for streaming media. A remote user can send a specially crafted request to an IIS server that is performing streaming media logging functions to cause IIS to stop responding.
Windows Media Services is not installed by default, the report said.
To determine if your computer is configured to perform multicast streaming media logging, the vendor states that you should perform the following steps:
· From the Start Menu, click search.
· Click For Files or Folders
· In the search dialog, type in the file name, NSIISLOG.DLL
· Click Search Now.
If you see the 'NSIISLOG.DLL' file in any directory shared by IIS, then you are affected.
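The vendor's manual check above can be scripted. The following Python code is an added example, not part of the advisory or of any vendor tooling: it searches a directory tree for NSIISLOG.DLL and separates copies that sit inside directories you list as IIS-shared from copies found elsewhere. The function name and the paths in the `__main__` block are assumptions.

```python
import os

TARGET = "nsiislog.dll"  # file name from the advisory; matched case-insensitively


def _is_under(path, directory):
    """True if path is inside directory (component-wise, not a string prefix)."""
    path = os.path.normcase(os.path.realpath(path))
    directory = os.path.normcase(os.path.realpath(directory))
    try:
        return os.path.commonpath([path, directory]) == directory
    except ValueError:  # e.g. different drives on Windows
        return False


def find_nsiislog(search_root, iis_shared_dirs):
    """Walk search_root and split every copy of the DLL into those inside an
    IIS-shared directory ("affected") and those elsewhere ("elsewhere")."""
    result = {"affected": [], "elsewhere": [], "unreadable": []}

    def note_error(err):
        # Directories that cannot be listed are reported, not silently skipped.
        result["unreadable"].append(err.filename)

    for dirpath, _dirs, files in os.walk(search_root, onerror=note_error):
        for name in files:
            if name.lower() != TARGET:
                continue
            full = os.path.join(dirpath, name)
            shared = any(_is_under(full, d) for d in iis_shared_dirs)
            result["affected" if shared else "elsewhere"].append(full)
    return result


if __name__ == "__main__":
    # Hypothetical paths: supply the volume to search and the directories
    # your IIS sites actually publish (home and virtual directories).
    report = find_nsiislog("C:\\", ["C:\\Inetpub\\wwwroot", "C:\\Inetpub\\scripts"])
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind}: {p}")
```

A non-empty "unreadable" list means the search was incomplete and should be repeated with sufficient privileges before concluding the host is unaffected.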
Microsoft has assigned a maximum Severity Rating of 'Important' to this vulnerability.
Microsoft credits Brett Moore for reporting this flaw.

Impact: A remote user can cause the IIS service to stop responding to requests. A remote user can cause arbitrary code to be executed by IIS.

Solution: The vendor has released the following patches:
Microsoft Windows NT 4.0:
http://microsoft.com/downloads/details.aspx?FamilyId=8D7E3716-1AA7-4EDC-B084-7D50C8D3C2AB&displaylang=en
Microsoft Windows 2000:
http://microsoft.com/downloads/details.aspx?FamilyId=9EFA4EBD-2068-4742-917D-A2638688C029&displaylang=en
Microsoft reports that the Windows NT 4.0 patch can be installed on NT 4.0 SP6a and the Windows 2000 patch can be installed on Windows 2000 SP2 or SP3. The vendor plans to include this fix in Windows 2000 SP4.
According to the bulletin, a reboot is not required after installation of the patch.
Microsoft plans to issue Knowledge Base article 817772 regarding this issue, to be available shortly at:
http://support.microsoft.com/?scid=fh;en-us;kbhowto

Vendor URL: www.microsoft.com/technet/security/bulletin/MS03-019.asp
Cause: Boundary error
Underlying OS: Windows (NT), Windows (2000)
Underlying OS Comments: NT 4.0, 2000

Message History:
None.

Source Message Contents

Date: Wed, 28 May 2003 14:04:21 -0400
Subject: MS03-019

http://www.microsoft.com/technet/security/bulletin/MS03-019.asp
Flaw in ISAPI Extension for Windows Media Services Could Cause Denial of Service (817772)
Microsoft issued security bulletin MS03-019, warning of a flaw in the Internet Information
Server (IIS) ISAPI extension for Windows Media Services.
Maximum Severity Rating: Moderate
Windows Media Services includes a component (nsiislog.dll) to facilitate logging of
streaming media player client, including logging of multicast and unicast transmissions.
The 'nsiislog.dll' component does not properly process user-supplied requests for
streaming media. A remote user can send a specially crafted request to an IIS server that
is performing streaming media logging functions to cause IIS to stop responding.
Windows Media Services is not installed by default, the report said.
The affected DLL can be installed on IIS 4.0 and 5.0.
According to the report, Windows XP and 2003 are not affected.
To determine if your computer is configured to perform multicast streaming media logging,
the vendor states that you should perform the following steps:
· From the Start Menu, click search.
· Click For Files or Folders
· In the search dialog, type in the file name, NSIISLOG.DLL
· Click Search Now.
If you see the 'NSIISLOG.DLL' file in any directory shared by IIS, then you are affected.
Microsoft credits Brett Moore for reporting this flaw.
CVE: CAN-2003-0227
The vendor has released the following patches:
Microsoft Windows NT 4.0:
http://microsoft.com/downloads/details.aspx?FamilyId=8D7E3716-1AA7-4EDC-B084-7D50C8D3C2AB&displaylang=en
Microsoft Windows 2000:
http://microsoft.com/downloads/details.aspx?FamilyId=9EFA4EBD-2068-4742-917D-A2638688C029&displaylang=en
Microsoft reports that the Windows NT 4.0 patch can be installed on NT 4.0 SP6a and the
Windows 2000 patch can be installed on Windows 2000 SP2 or SP3. The vendor plans to
include this fix in Windows 2000 SP4.
According to the bulletin, a reboot is not required after installation of the patch.
Microsoft plans to issue Knowledge Base article 817772 regarding this issue, to be
available shortly at:
http://support.microsoft.com/?scid=fh;en-us;kbhowto