Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0227Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows NT

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
63.4%
top 1.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows NT
Timeline
PublishedJun 9
Latest updateApr 29

Description

The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-6gg7-3h6w-v2fw: The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 42022-04-29
CVEList
CVE-2003-0227: The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 42003-05-30

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Media Services - 'nsiislog.dll' Remote Overflow2003-07-14
CVE-2003-0227 — Microsoft Windows NT vulnerability | cvebase