VULHUB ™

Microsoft Security Advisory MS02-010 - In a default state, Commerce Server 2000 installs a .dll with an ISAPI which contains an unchecked buffer in a section of code that handles authentication requests. An attacker who provided authentication data that overran the buffer can cause the Commerce Server process to fail, and run code in the security context of the Commerce Server process. The process runs with LocalSystem privileges, so exploiting the vulnerability would give the attacker complete control of the server. Microsoft FAQ on this issue available here.

Microsoft Security Advisory MS02-010 - In a default state, Commerce Server 2000 installs a .dll with an ISAPI which contains an unchecked buffer in a section of code that handles authentication requests. An attacker who provided authentication data that overran the buffer can cause the Commerce Server process to fail, and run code in the security context of the Commerce Server process. The process runs with LocalSystem privileges, so exploiting the vulnerability would give the attacker complete control of the server. Microsoft FAQ on this issue available here.