Reported June 25, 2003, by Microsoft.
A new vulnerability in Windows 2000 can result in the execution of arbitrary code on the vulnerable computer. This vulnerability stems from a flaw in the way the ISAPI extension "nsiislog.dll" processes incoming client requests. To exploit this vulnerability, an attacker could send a specially formed HTTP request to the server that could cause Microsoft IIS to fail or execute code on the user's system.
Microsoft has released Security Bulletin MS03-022, "Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343)," to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.
Discovered by Brett Moore.