Unchecked Buffer in Commerce Server 2000 ISAPI Filter.

Reported February 21, 2002, by Microsoft.

VERSION AFFECTED

 

  • Microsoft Commerce Server 2000

 

DESCRIPTION
An unchecked buffer exists in the Internet Server API (ISAPI) AuthFilter that can lead to a buffer overrun condition. An attacker can exploit this vulnerability to run arbitrary code in the LocalSystem security context, leading to remote compromise of the vulnerable server.

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-010, which addresses this vulnerability, and recommends that affected users immediately apply the patch available at the Security Bulletin URL.

 

CREDIT
Discovered by Microsoft.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish