Windows Media Services MX_STATS_LogLine NSIISlog.DLL Remote Buffer Overflow Vulnerability
BID:9878
Info
Windows Media Services MX_STATS_LogLine NSIISlog.DLL Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 9878 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 18 2003 12:00AM |
| Updated: | Jul 18 2003 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to firew0rker. |
| Vulnerable: |
Microsoft Windows Media Services 4.1 Microsoft Windows Media Services 4.0 Microsoft Windows Media Services 0 |
| Not Vulnerable: | |
Discussion
Windows Media Services MX_STATS_LogLine NSIISlog.DLL Remote Buffer Overflow Vulnerability
Microsoft Media Services has been reported prone to a buffer overflow vulnerability. This is due to a problem with how the logging ISAPI extension handles incoming client MX_STATS_LogLine: header field data in POST requests. The logging facility may attempt to write excessive data to an undersized buffer when handling a malformed HTTP client request. This could trigger a denial of service or remote arbitrary code execution in IIS, which is exploitable through Media Services.
Microsoft Media Services has been reported prone to a buffer overflow vulnerability. This is due to a problem with how the logging ISAPI extension handles incoming client MX_STATS_LogLine: header field data in POST requests. The logging facility may attempt to write excessive data to an undersized buffer when handling a malformed HTTP client request. This could trigger a denial of service or remote arbitrary code execution in IIS, which is exploitable through Media Services.
Exploit / POC
Windows Media Services MX_STATS_LogLine NSIISlog.DLL Remote Buffer Overflow Vulnerability
The following exploit has been supplied:
The following exploit has been supplied:
Solution / Fix
Windows Media Services MX_STATS_LogLine NSIISlog.DLL Remote Buffer Overflow Vulnerability
Solution:
It should be noted that this issue is believed to exist in an early build of NSIISlog.DLL that may have shipped with Media Services for Windows NT 4.0 or Windows 2000 prior to SP1. The vulnerability is not likely present in fully patched versions of affected platforms, though it is hard determine when the vulnerability was fixed or to associate specific updates that fix the vulnerability. Administrators are advised to install all current patches.
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It should be noted that this issue is believed to exist in an early build of NSIISlog.DLL that may have shipped with Media Services for Windows NT 4.0 or Windows 2000 prior to SP1. The vulnerability is not likely present in fully patched versions of affected platforms, though it is hard determine when the vulnerability was fixed or to associate specific updates that fix the vulnerability. Administrators are advised to install all current patches.
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Windows Media Services MX_STATS_LogLine NSIISlog.DLL Remote Buffer Overflow Vulnerability
References:
References:
- Technet Security (Microsoft)