Reported February 21, 2002, by Microsoft.
VERSION AFFECTED
Microsoft Commerce Server 2000
DESCRIPTION
An unchecked buffer exists in the Internet Server API (ISAPI)
AuthFilter that can lead to a buffer overrun condition. An attacker can exploit
this vulnerability to run arbitrary code in the LocalSystem security context,
leading to remote compromise of the vulnerable server.
VENDOR RESPONSE
The vendor, Microsoft, has released Security Bulletin MS02-010, which addresses this vulnerability, and recommends that affected users immediately apply the patch available at the Security Bulletin URL.
CREDIT
Discovered by Microsoft.