Summary
This host is running Microsoft Windows Media Services and is prone to remote code execution vulnerabilities.
Impact
Successful exploitation could allow remote attackers to obtain sensitive information, execute arbitrary code or cause denial of service conditions.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms03-019 http://technet.microsoft.com/en-us/security/bulletin/ms03-022
Insight
Windows Media Services logging capability for multicast transmissions is implemented as ISAPI extension (nsiislog.dll), which fails to processes incoming client or malicious HTTP requests.
Affected
Windows Media Services 4.0 and 4.1
Microsoft Windows NT 4.0
Microsoft Windows 2000
References
- http://secunia.com/advisories/8883
- http://secunia.com/advisories/9115
- http://securitytracker.com/id?1007059
- http://support.microsoft.com/default.aspx?scid=kb;en-us;822343
- http://technet.microsoft.com/en-us/security/bulletin/ms03-019
- http://technet.microsoft.com/en-us/security/bulletin/ms03-022
- http://www.kb.cert.org/vuls/id/113716
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2003-0227, CVE-2003-0349 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- IIS .IDA ISAPI filter applied
- IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability
- CoreHTTP CGI Support Remote Command Execution Vulnerability
- Media Player Classic (MPC) Webserver Multiple Vulnerabilities
- Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability