ID CVE-2003-0349
Summary Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
References
Vulnerable Configurations
  • Microsoft Windows 2000
    cpe:2.3:o:microsoft:windows_2000
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description MS Windows Media Services Remote Exploit (MS03-022). CVE-2003-0349. Remote exploit for windows platform
    id EDB-ID:48
    last seen 2016-01-31
    modified 2003-07-01
    published 2003-07-01
    reporter firew0rker
    source https://www.exploit-db.com/download/48/
    title Microsoft Windows Media Services - Remote Exploit MS03-022
  • description Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow. CVE-2003-0349. Remote exploit for windows platform
    id EDB-ID:22837
    last seen 2016-02-02
    modified 2003-06-25
    published 2003-06-25
    reporter firew0rker
    source https://www.exploit-db.com/download/22837/
    title Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
  • description Microsoft IIS ISAPI nsiislog.dll ISAPI POST Overflow. CVE-2003-0349. Remote exploit for windows platform
    id EDB-ID:16355
    last seen 2016-02-01
    modified 2010-07-25
    published 2010-07-25
    reporter metasploit
    source https://www.exploit-db.com/download/16355/
    title Microsoft IIS ISAPI nsiislog.dll ISAPI POST Overflow
metasploit via4
description This exploits a buffer overflow found in the nsiislog.dll ISAPI filter that comes with Windows Media Server. This module will also work against the 'patched' MS03-019 version. This vulnerability was addressed by MS03-022.
id MSF:EXPLOIT/WINDOWS/ISAPI/MS03_022_NSIISLOG_POST
last seen 2019-03-22
modified 2017-07-24
published 2010-07-25
reliability Good
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/isapi/ms03_022_nsiislog_post.rb
title MS03-022 Microsoft IIS ISAPI nsiislog.dll ISAPI POST Overflow
nessus via4
NASL family Web Servers
NASL id NSIISLOG_DLL.NASL
description Some versions of IIS shipped with a default file, nsiislog.dll, within the /scripts directory. Nessus has determined that the remote host has the file installed. The NSIISLOG.dll CGI may allow an attacker to execute arbitrary commands on this host, through a buffer overflow.
last seen 2019-02-21
modified 2018-11-15
plugin id 11664
published 2003-05-28
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11664
title Microsoft Media Services ISAPI nsiislog.dll Multiple Overflows
oval via4
accepted 2004-06-30T12:00:00.000-04:00
class vulnerability
contributors
name Christine Walzer
organization The MITRE Corporation
description Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
family windows
id oval:org.mitre.oval:def:938
status accepted
submitted 2004-05-18T12:00:00.000-04:00
title IIS5.0 Windows Media Services Large POST Vulnerability
version 63
packetstorm via4
refmap via4
bugtraq 20030626 Windows Media Services Remote Command Execution #2
cert-vn VU#113716
ms MS03-022
ntbugtraq 20030626 Windows Media Services Remote Command Execution #2
sectrack 1007059
secunia 9115
Last major update 17-10-2016 - 22:32
Published 24-07-2003 - 00:00
Last modified 12-10-2018 - 17:32
Back to Top