Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability

Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability

by Nikola Strahija on February 24th, 2002 The AuthFilter ISAPI filter used by Commerce Server 2000 to support user authentication contains an unchecked buffer. Providing AuthFilter with malformed data could lead to either failure of the Commerce Server, or to arbitrary code execution.


Microsoft Commerce Server 2000 is a web server geared towards building e-commerce websites. It uses Microsoft Internet Information Server to provide basic web server functionality, but also includes additional features and functions.

The Commerce Server process runs with LocalSystem privileges.

Remote: Yes

Exploit: There is no exploit.

Solution: Microsoft has released a patch to address this issue:



Microsoft Commerce Server 2000 :

Microsoft Patch Q317615
http://download.microsoft.com/download/comserver/Patch/1.0/NT5/EN-US/Q317615_COMMERCE_2000_EN.EXE


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »