Reported February 21, 2002, by Microsoft.

VERSION AFFECTED

 

  • Microsoft Commerce Server 2000

 

DESCRIPTION
An unchecked buffer exists in the Internet Server API (ISAPI) AuthFilter that can lead to a buffer overrun condition. An attacker can exploit this vulnerability to run arbitrary code in the LocalSystem security context, leading to remote compromise of the vulnerable server.

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-010, which addresses this vulnerability, and recommends that affected users immediately apply the patch available at the Security Bulletin URL.

 

CREDIT
Discovered by Microsoft.