Follow:

Vulnerability:Win/HTTP.NSIISLog.RCE!CAN-2003-0227

Severity rating
Important

Class/Type
Vulnerability

Discovered date
2003-05-30T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

NSIISLog.dll is an IIS ISAPI extension that was shipped as part of Windows 2000 Server and Advanced Server to provide logging capabilities for Media Streaming in Microsoft Media Services



Impact

This vulnerability could enable an attacker to cause execute code of their choice on a computer running IIS with streaming media logging enabled. The code would in the context of the account IIS is running as, which would allow the attacker to take any action on the system.



Technical details (analysis)

Microsoft Windows Media Services is a feature of Microsoft Windows 2000 Server, Advanced Server, and Datacenter Server and is also available as a downloadable version for Windows NT 4.0 Server. Windows Media Services contain support for a method of delivering media content to clients across a network known as multicast streaming. In multicast streaming however, the server has no connection or knowledge of the clients that may be receiving the stream coming from the server. To facilitate logging of client information for the server Windows 2000 includes a capability specifically designed for that purpose. To help with this problem, Windows 2000 includes logging capabilities for multicast and unicast transmissions. This capability is implemented as an Internet Services Application Programming Interface (ISAPI) extension - nsiislog.dll. When Windows Media Services are installed in Windows NT 4.0 Server or added through add/remove programs to Windows 2000, nsiislog.dll is installed to the Internet Information Services (IIS) Scripts directory on the server. There is a flaw in the way in which nsiislog.dll processes incoming requests. A vulnerability exists because an attacker could send specially formed communications to the server that could cause IIS to fail or execute code on the user's system.



Affected software

Microsoft Windows NT 4.0
Microsoft Windows 2000



Non-affected software

Microsoft Windows XP
Microsoft Windows Server 2003



References




Solutions




NIS signature

Name: Vulnerability:Win/HTTP.NSIISLog.RCE!CAN-2003-0227
Release Date: 2003-05-30T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

There are no known workarounds.