VULHUB ™

Microsoft Commerce Server is a web server products for building, deploying, and analyzing e-commerce sites. The OWC package installer implemented by Commerce Server is susceptible to a buffer overflow vulnerability. In the event that an authenticated attacker were to supply specially crafted malformed data to the OWC package installer, a denial of service attack or execution of arbitrary code may result depending on the data entered. Exploitation would occur in the LocalSystem security context. Only Microsoft Commerce Server 2000 is susceptible to this vulnerability.

Microsoft Commerce Server is a web server products for building, deploying, and analyzing e-commerce sites. The OWC package installer implemented by Commerce Server is susceptible to a buffer overflow vulnerability. In the event that an authenticated attacker were to supply specially crafted malformed data to the OWC package installer, a denial of service attack or execution of arbitrary code may result depending on the data entered. Exploitation would occur in the LocalSystem security context. Only Microsoft Commerce Server 2000 is susceptible to this vulnerability.