Microsoft Media Services ISAPI nsiislog.dll POST Overflow

2003-06-25T00:00:00
ID OSVDB:4535
Type osvdb
Reporter Brett Moore(brett.moore@security-assessment.com)
Modified 2003-06-25T00:00:00

Description

Vulnerability Description

Windows Media Services contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to a flaw in the ISAPI (Internet Services Application Programming Interface) extension handling of incoming client requests in the nsiislog.dll file of the Internet Information Services (IIS). With a specially crafted POST request, an attacker may create a denial of service or exexcute arbitrary code.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Windows Media Services contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to a flaw in the ISAPI (Internet Services Application Programming Interface) extension handling of incoming client requests in the nsiislog.dll file of the Internet Information Services (IIS). With a specially crafted POST request, an attacker may create a denial of service or exexcute arbitrary code.

Manual Testing Notes

telnet [victim] 80 GET /scripts/nsiislog.dll /HTTP/1.0

If the server replies with "NetShow ISAPI Log Dll", nsiislog.dll is installed and the system may be vulnerable.

References:

Related OSVDB ID: 2106 Nessus Plugin ID:11664 Microsoft Security Bulletin: MS03-022 Microsoft Knowledge Base Article: 822343 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0211.html Keyword: Internet Information Services (IIS) ISS X-Force ID: 12652 CVE-2003-0349 CIAC Advisory: n-109 CERT VU: 113716 Bugtraq ID: 8035