Microsoft MS03-022 Security Check Network Vulnerability

Summary

There is a flaw in the way nsiislog.dll processes incoming client requests. A vulnerability exists because an attacker could send specially formed HTTP request (communications) to the server that could cause IIS to fail or execute code on the user's system.

Solution

Microsoft has released a patch to correct these issues Download locations for this patch Microsoft Windows 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=F772E131-BBC9-4B34-9E78-F71D9742FED8&displaylang=en Note: This patch can be installed on systems running Microsoft Windows 2000 Service Pack 2, Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4. This patch has been superseded by the one provided in Microsoft Security Bulletin MS03-019. http://www.microsoft.com/technet/security/bulletin/MS03-019.mspx

Severity

Classification

CVE CVE-2003-0349

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
Microsoft Filter Pack Remote Code Execution Vulnerability (2801261)
Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
.NET JIT Compiler Vulnerability
Buffer Overrun in Messenger Service (828035)

Microsoft MS03-022 security check

Take action and discover your vulnerabilities