Info

Disclosure

May 28, 2003

Discovery

May 28, 2003

Dates

Exploit

May 28, 2003

Solution

Unknown

Description

Windows Media Services contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to a flaw in the ISAPI (Internet Services Application Programming Interface) extension handling of incoming client requests in the nsiislog.dll file of the Internet Information Services (IIS). With a specially crafted request, an attacker may create a denial of service or exexcute arbitrary code via a chunked encoding overflow.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	IIS	4.0
		5.0
	Windows	2000
		NT 4.0

References

ISS X-Force ID: 12092
CVE ID: 2003-0227 (see also: NVD)
Related OSVDB ID: 4535
Bugtraq ID: 8035
Microsoft Knowledge Base Article: 817772
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-05/0329.html
http://archives.neohapsis.com/archives/bugtraq/2003-05/0336.html
Keyword: Internet Information Services (IIS)
Microsoft Security Bulletin: MS03-019
CIAC Advisory: n-100

Credit

Brett Moore - brett.mooresecurity-assessment.com - Security Assessment

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

IIS

Windows

References

Credit