Signature Detail

HTTP: Windows Media Services NSIISlog.DLL Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Media Services, included with Microsoft Windows 2000 Server SP4. Attackers can send a maliciously crafted HTTP "POST" request to overflow the buffer and cause a denial of service or execute arbitrary code.

Extended Description

Microsoft has reported a buffer overflow vulnerability in Windows Media Services. This is due to a problem with how the logging ISAPI extension handles incoming client requests. This could cause arbitrary code execution in IIS, which is exploitable through Media Services.

Affected Products

• Microsoft windows_2000_advanced_server SP1
• Microsoft windows_2000_advanced_server SP2
• Microsoft windows_2000_advanced_server SP3
• Microsoft windows_2000_advanced_server SP4
• Microsoft windows_2000_advanced_server
• Microsoft windows_2000_datacenter_server SP1
• Microsoft windows_2000_datacenter_server SP2
• Microsoft windows_2000_datacenter_server SP3
• Microsoft windows_2000_datacenter_server SP4
• Microsoft windows_2000_datacenter_server
• Microsoft windows_2000_server SP1
• Microsoft windows_2000_server SP2
• Microsoft windows_2000_server SP3
• Microsoft windows_2000_server SP4
• Microsoft windows_2000_server
• Microsoft windows_nt 4.0
• Microsoft windows_nt 4.0 SP1
• Microsoft windows_nt 4.0 SP2
• Microsoft windows_nt 4.0 SP3
• Microsoft windows_nt 4.0 SP4
• Microsoft windows_nt 4.0 SP5
• Microsoft windows_nt 4.0 SP6
• Microsoft windows_nt 4.0 SP6a

References

• BugTraq: 8035
• BugTraq: 7727
• CVE: CVE-2003-0227
• CVE: CVE-2003-0349
• URL: http://www.kb.cert.org/vuls/id/113716
• URL: http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0120.html