Reported February 21, 2002, by Microsoft.
Microsoft Commerce Server 2000
An unchecked buffer exists in the Internet Server API (ISAPI) AuthFilter that can lead to a buffer overrun condition. An attacker can exploit this vulnerability to run arbitrary code in the LocalSystem security context, leading to remote compromise of the vulnerable server.
The vendor, Microsoft, has released Security Bulletin MS02-010, which addresses this vulnerability, and recommends that affected users immediately apply the patch available at the Security Bulletin URL.
Discovered by Microsoft.