1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise: Feb 21

Discussion in 'Web & Email' started by eddie5659, Feb 22, 2002.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Mar 19, 2001

    By default, Commerce Server 2000 installs a .dll with an ISAPI
    filter that allows the server to provide extended functionality in
    response to events on the server. This filter, called AuthFilter,
    provides support for a variety of authentication methods.
    Commerce Server 2000 can also be configured to use other
    authentication methods.

    A security vulnerability results because AuthFilter contains an
    unchecked buffer in a section of code that handles certain types
    of authentication requests. An attacker who provided
    authentication data that overran the buffer could cause the
    Commerce Server process to fail, or could run code in the
    security context of the Commerce Server process. The
    process runs with LocalSystem privileges, so exploiting the
    vulnerability would give the attacker complete control of
    the server.

    Affected Software:

    Microsoft Commerce Server 2000



As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Similar Threads - Unchecked Buffer ISAPI
  1. Dkapiate
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/70027

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice