February 22, 2002 12:00 AM

Unchecked Buffer in Commerce Server 2000 ISAPI Filter.

Ken Pfeil

Windows IT Pro

InstantDoc ID #24260

Reported February 21, 2002, by Microsoft.

VERSION AFFECTED

Microsoft Commerce Server 2000

DESCRIPTION
An unchecked buffer exists in the Internet Server API (ISAPI) AuthFilter that can lead to a buffer overrun condition. An attacker can exploit this vulnerability to run arbitrary code in the LocalSystem security context, leading to remote compromise of the vulnerable server.

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-010, which addresses this vulnerability, and recommends that affected users immediately apply the patch available at the Security Bulletin URL.

CREDIT
Discovered by Microsoft.

Related Content:

ARTICLE TOOLS

You must log on before posting a comment.

Are you a new visitor? Register Here

Unattended Silent Server 2008R2 and SP1 install showing progress
Dear all, I have managed to create a Batch file which successfully installs SQL Server 2008R2 Cl...
SSMS & SSDT 2012 install on XP
I recently attempted to install SSMS 2012 on my XP workstation and it came up with a error that the ...
byte order mark (BOM) issue
hi all , I am having a sp which generates a dat file , as follows \n BEGIN ...
ITF14 barcode generation control for reporting services
ITF14 barcode generation control for reporting services easily add itf14 barcode images to r...

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.