CVE-2003-0349

Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=NTBUGTRAQ&P=R4563	Exploit Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/113716	US Government Resource
http://securitytracker.com/id?1007059
http://secunia.com/advisories/9115
http://marc.info/?l=bugtraq&m=105665030925504&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A938
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-022

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*

Information

Published : 2003-07-23 21:00

Updated : 2018-10-12 14:32

NVD link : CVE-2003-0349

Mitre link : CVE-2003-0349

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

microsoft

windows_2000

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=NTBUGTRAQ&P=R4563", "name": "20030626 Windows Media Services Remote Command Execution #2", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "NTBUGTRAQ"}, {"url": "http://www.kb.cert.org/vuls/id/113716", "name": "VU#113716", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://securitytracker.com/id?1007059", "name": "1007059", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/9115", "name": "9115", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=105665030925504&w=2", "name": "20030626 Windows Media Services Remote Command Execution #2", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A938", "name": "oval:org.mitre.oval:def:938", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-022", "name": "MS03-022", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0349", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-07-24T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:32Z"}