Summary
There is a flaw in the way nsiislog.dll processes incoming client requests. A vulnerability exists because an attacker could send specially formed HTTP request (communications) to the server that could cause IIS to fail or execute code on the user's system.
Solution
Microsoft has released a patch to correct these issues Download locations for this patch
Microsoft Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F772E131-BBC9-4B34-9E78-F71D9742FED8&displaylang=en
Note: This patch can be installed on systems running Microsoft Windows 2000 Service Pack 2, Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4. This patch has been superseded by the one provided in Microsoft Security Bulletin MS03-019. http://www.microsoft.com/technet/security/bulletin/MS03-019.mspx
Severity
Classification
-
CVE CVE-2003-0349 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (937143)
- Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
- Microsoft Internet Explorer Memory Corruption Vulnerability (2755801)
- Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
- Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)