Reported February 21, 2002, by
Microsoft.
VERSION AFFECTED
Microsoft
Commerce Server 2000
DESCRIPTION
VENDOR RESPONSE
The
vendor, Microsoft, has released Security
Bulletin MS02-010,
which addresses this vulnerability, and recommends that affected users
immediately apply the patch
available at the Security Bulletin URL.
CREDIT
An unchecked buffer exists in the Internet Server API (ISAPI)
AuthFilter that can lead to a buffer overrun condition. An attacker can exploit
this vulnerability to run arbitrary code in the LocalSystem security context,
leading to remote compromise of the vulnerable server.
Discovered by Microsoft.
Unchecked Buffer in Commerce Server 2000 ISAPI Filter.
0 comments
Hide comments