Vulnerability Note VU#113716
Microsoft Windows Media Services contains buffer overflow in "nsiislog.dll"
Microsoft Windows Media Services provides streaming audio and video capabilities. A vulnerability in a component of this software could allow a remote attacker to compromise the server running it.
According to Microsoft Security Bulletin MS03-022:
Microsoft Windows Media Services is a feature of Microsoft Windows 2000 Server, Advanced Server, and Datacenter Server and is also available in a downloadable version for Windows NT 4.0 Server. Windows Media Services contains support for a method of delivering media content to clients across a network known as multicast streaming. In multicast streaming, the server has no connection to or knowledge of the clients that may be receiving the stream of media content coming from the server. To facilitate logging of client information for the server, Windows 2000 includes a capability specifically designed to enable logging for multicast transmissions.
This logging capability is implemented as an Internet Services Application Programming Interface (ISAPI) extension nsiislog.dll. When Windows Media Services are added through add/remove programs to Windows 2000, nsiislog.dll is installed in the Internet Information Services (IIS) Scripts directory on the server. Once Windows Media Services is installed, nsiislog.dll is automatically loaded and used by IIS.
A remote attacker may be able to execute arbitrary code in the context of the account under which IIS was running. This access could be leveraged by the attacker to take any action on the system.
Microsoft has released patches for this issue. Users are encouraged to review Microsoft Security Bulletin MS03-022 for more information.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||15 Jul 2003|
CVSS Metrics (Learn More)
This issue was discovered, researched, and reported to Microsoft by Brett Moore of Security-Assessment.com.
This document was written by Chad R Dougherty.
- CVE IDs: CAN-2003-0349
- Date Public: 25 Jun 2003
- Date First Published: 31 Jul 2003
- Date Last Updated: 31 Jul 2003
- Severity Metric: 19.24
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.