Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Unchecked Buffer Could Allow Commerce Server Compromise New
A security vulnerability exists in the Microsoft Commerce Server 2000 which could allow a remote attacker to exploit an unchecked buffer in an ISAPI filter and gain complete control of the server.
Issue
By default, Commerce Server 2000 installs a .dll with an ISAPI filter that allows the server to provide extended functionality in response to events on the server. This filter, called AuthFilter, provides support for a variety of authentication methods. Commerce Server 2000 can also be configured to use other authentication methods.
A security vulnerability results because AuthFilter contains an unchecked buffer in a section of code that handles certain types of authentication requests. An attacker who provided authentication data that overran the buffer could cause the Commerce Server process to fail, or could run code in the security context of the Commerce Server process. The process runs with LocalSystem privileges, so exploiting the vulnerability would give the attacker complete control of the server.
Affected Products
- Microsoft Commerce Server 2000
Download
Patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36683
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: February 21, 2002
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
