Reported June 25, 2003, by
Microsoft.
VERSIONS
AFFECTED
Windows
2000
DESCRIPTION
A new vulnerability in
Windows 2000 can result in the execution of arbitrary code on the vulnerable
computer. This vulnerability stems from a flaw in the way the ISAPI extension "nsiislog.dll"
processes incoming client requests. To exploit this vulnerability, an attacker
could send a specially formed HTTP request to the server that could cause
Microsoft IIS to fail or execute code on the user's system.
VENDOR
RESPONSE
Microsoft has released Security Bulletin
MS03-022, "Flaw in ISAPI Extension
for Windows Media Services Could Cause Code Execution (822343)," to address this
vulnerability and recommends that affected users immediately apply the patch
mentioned in the bulletin.
CREDIT
Discovered by
Brett Moore.
Arbitrary Code Execution Vulnerability in Microsoft Windows Media Server
0 comments
Hide comments