Signature Detail

HTTP: Windows Media Services NSIISlog.DLL Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Media Services, included with Microsoft Windows 2000 Server SP4. Attackers can send a maliciously crafted HTTP "POST" request to overflow the buffer and cause a denial of service or execute arbitrary code.

Extended Description

Microsoft has reported a buffer overflow vulnerability in Windows Media Services. This is due to a problem with how the logging ISAPI extension handles incoming client requests. This could cause arbitrary code execution in IIS, which is exploitable through Media Services.

Affected Products

• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server SP4
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server SP4
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server SP4
• Microsoft Windows 2000 Server
• Microsoft Windows NT 4.0
• Microsoft Windows NT 4.0 SP1
• Microsoft Windows NT 4.0 SP2
• Microsoft Windows NT 4.0 SP3
• Microsoft Windows NT 4.0 SP4
• Microsoft Windows NT 4.0 SP5
• Microsoft Windows NT 4.0 SP6
• Microsoft Windows NT 4.0 SP6a

References

• BugTraq: 7727
• BugTraq: 8035
• CVE: CVE-2003-0227
• CVE: CVE-2003-0349
• URL: http://www.kb.cert.org/vuls/id/113716