CVE-2003-0349

Microsoft Windows Media Services <5.0 - RCE

Title source: llm

Description

Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16355

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by firew0rker · cremotewindows

https://www.exploit-db.com/exploits/48

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by firew0rker · cremotewindows

https://www.exploit-db.com/exploits/22837

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by hdm · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/isapi/ms03_022_nsiislog_post.rb

View Code ZIP pw:eip

References (7)

[Mailing List] http://marc.info/?l=bugtraq&m=105665030925504&w=2

[US Government Resource] http://www.kb.cert.org/vuls/id/113716

[Exploit, Patch, Vendor Advisory] http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=NTBUGTRAQ&P=R4563

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-022

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A938

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1007059

[Third Party Advisory] http://secunia.com/advisories/9115

Scores

EPSS 0.8821

EPSS Percentile 99.5%

Details

Status published

Products (1)

microsoft/windows_2000

Published Jul 24, 2003

Tracked Since Feb 18, 2026