Security Guide for Windows - Unchecked Buffer in Commerce Server

Guides
Products
- Security Products
- Spyware Doctor
- Spyware Doctor with AntiVirus
- PC Tools AntiVirus
- PC Tools Internet Security
- PC Tools Firewall Plus
- ThreatFire
- Spam Monitor
- Utility Products
- Registry Mechanic
- Desktop Maestro
- File Recover
- Privacy Guardian
- Business Solutions
- Spyware Doctor Enterprise
- Help me choose
Download
- Security Products
- Spyware Doctor
- Spyware Doctor with AntiVirus
- PC Tools AntiVirus
- PC Tools Internet Security
- PC Tools Firewall Plus
- ThreatFire
- Spam Monitor
- Utility Products
- Registry Mechanic
- Desktop Maestro
- File Recover
- Privacy Guardian
- Business Solutions
- Spyware Doctor Enterprise
- Help me choose
Purchase
- Security Products
- Spyware Doctor
- Spyware Doctor with AntiVirus
- PC Tools AntiVirus
- PC Tools Internet Security
- ThreatFire
- Spam Monitor
- Utility Products
- Registry Mechanic
- Desktop Maestro
- File Recover
- Privacy Guardian
- Business Solutions
- Spyware Doctor Enterprise
- Help me choose
Support
- Online Support
- Lost Code
Company
- Awards
- Careers
- Community Forum
- Contact
- Labs
- News
- Partners
- Press Room
- Industry News


	Features Registry Guide Software Guide Scripting Guide Driver Guide Support Forums Newsletters Password Tool Downloads Dictionary Spyware Doctor PC Tools AntiVirus Firewall Plus


	Newsletter Receive regular Windows® updates Your privacy is ensured by our privacy policy

Security Home > BackOffice Software

Unchecked Buffer in Commerce Server New

An unchecked buffer in profile service could allow a malicious user to run code of their choice, in the LocalSystem security context, on Microsoft Commerce Server 2000 or 2002.

Issue

Commerce Server 2000 and Commerce Server 2002 are web server products for building e-commerce sites. These products provides tools and features that simplify developing and deploying e-commerce solutions, and provide tools that let the site administrator analyze the usage of their e-commerce site.

Four vulnerabilities exist in the Commerce Server products:

A vulnerability that results because the Profile Service contains an unchecked buffer in a section of code that handles certain types of API calls. The Profile Service can be used to enable users to manage their own profile information and to research the status of their order. An attacker who provided specially malformed data to certain calls exposed by the Profile Service could cause the Commerce Server process to fail, or could run code in the LocalSystem security context. This vulnerability only affects Commerce Server 2000.
A buffer overrun vulnerability in the Office Web Components (OWC) package installer used by Commerce Server. An attacker who provided specially malformed data as input to the OWC package installer could cause the process to fail, or could run code in the LocalSystem security context. This vulnerability only affects Commerce Server 2000.
A vulnerability in the Office Web Components (OWC) package installer used by Commerce Server. An attacker who invoked the OWC package installer in a particular manner could cause commands to be run on the Commerce Server according to the privileges associated with the attacker's log on credentials. This vulnerability only affects Commerce Server 2000.
A new variant of the ISAPI Filter vulnerability [id=246]discussed earlier[/id]. This variant affects both Commerce Server 2000 and Commerce Server 2002.

Affected Products

Microsoft Commerce Server 2000
Microsoft Commerce Server 2002

Download

Software patches are available from the following locations:

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: June 26, 2002

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<

Search Guides

Issue

Affected Products

Download

Further Details