Microsoft Corp. on Wednesday issued a bulletin warning users of a flaw in a Windows 2000 Server component that could allow attackers to execute code on vulnerable machines. The flaw does not affect machines running Windows NT, XP or Windows Server 2003.
The vulnerability lies in the DLL that Windows Media Services uses to log client information during multicasts. When WMS is installed a machine using the add/remove programs option in Windows, the Nsiislog.dll file is installed in the IIS scripts directory and automatically loaded and used by IIS.
The DLL incorrectly handles incoming client requests, and as a result, an attacker could send an HTTP request that would cause a buffer overrun and either crash the server or execute the attackers code. However, there are two important caveats to this attack: First, WMS is not installed by default; and second, the attacker would need to know whether the target server had WMS installed in order to execute the attack.
The patch for this vulnerability is available here.
Microsoft, of Redmond, Wash., also issued a patch for a problem in Windows Media Player that could allow an attacker to see and manipulate some data on a users machine. This vulnerability stems from a flaw in an ActiveX control used by Windows Media Player to handle embedded media on Web pages. The control provides the user interface that lets visitors to such pages play, pause and rewind the media.
The control provides access to information on users machines incorrectly and could allow an attacker to run a script on a Web page that would let him view and manipulate metadata in the users media library.
The patch for this problem is located here.