Signature Detail

HTTP: Chunked POST Request to nsiislog.dll

This signature detects chunked POST requests to NSIISLOG.DLL. Attackers can exploit Windows Media Services that have logging enabled by sending a specially crafted network request, which can result in a denial of service or the execution of arbitrary code.

Extended Description

Microsoft has reported a denial of service vulnerability in Windows Media Services. This is due to a problem with how the logging ISAPI extension handles incoming client requests. This could cause a denial of service in IIS, which is exploitable through Media Services. **The vendor has confirmed that this vulnerability could be exploited to execute arbitrary code.

Affected Products

• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Terminal Services SP1
• Microsoft Windows 2000 Terminal Services SP2
• Microsoft Windows 2000 Terminal Services SP3
• Microsoft Windows 2000 Terminal Services
• Microsoft Windows NT Enterprise Server 4.0
• Microsoft Windows NT Enterprise Server 4.0 SP1
• Microsoft Windows NT Enterprise Server 4.0 SP2
• Microsoft Windows NT Enterprise Server 4.0 SP3
• Microsoft Windows NT Enterprise Server 4.0 SP4
• Microsoft Windows NT Enterprise Server 4.0 SP5
• Microsoft Windows NT Enterprise Server 4.0 SP6
• Microsoft Windows NT Enterprise Server 4.0 SP6a
• Microsoft Windows NT Server 4.0
• Microsoft Windows NT Server 4.0 SP1
• Microsoft Windows NT Server 4.0 SP2
• Microsoft Windows NT Server 4.0 SP3
• Microsoft Windows NT Server 4.0 SP4
• Microsoft Windows NT Server 4.0 SP5
• Microsoft Windows NT Server 4.0 SP6
• Microsoft Windows NT Server 4.0 SP6a
• Microsoft Windows NT Terminal Server 4.0
• Microsoft Windows NT Terminal Server 4.0 SP1
• Microsoft Windows NT Terminal Server 4.0 SP2
• Microsoft Windows NT Terminal Server 4.0 SP3
• Microsoft Windows NT Terminal Server 4.0 SP4
• Microsoft Windows NT Terminal Server 4.0 SP5
• Microsoft Windows NT Terminal Server 4.0 SP6
• Microsoft Windows NT Terminal Server 4.0 SP6a
• Microsoft Windows NT Workstation 4.0
• Microsoft Windows NT Workstation 4.0 SP1
• Microsoft Windows NT Workstation 4.0 SP2
• Microsoft Windows NT Workstation 4.0 SP3
• Microsoft Windows NT Workstation 4.0 SP4
• Microsoft Windows NT Workstation 4.0 SP5
• Microsoft Windows NT Workstation 4.0 SP6
• Microsoft Windows NT Workstation 4.0 SP6a

References

• BugTraq: 7727
• BugTraq: 8035
• CVE: CVE-2003-0227
• CVE: CVE-2003-0349
• URL: http://www.securityfocus.com/archive/1/323415