Microsoft Commerce Server ISAPI Buffer Overflow Variation Vulnerability
AuthFilter is an ISAPI filter used by Commerce Server to support various methods of user authentication. Note that this ISAPI filter ships only with Commerce Server, not with Internet Information Server.
AuthFilter has been found to contain an unchecked buffer which could be exploited to cause a failure of the Commerce Server or execution of arbitrary code. AuthFilter is installed by default, but must be explicitly activated for this issue to be exploited.
The Commerce Server process runs with LocalSystem privileges, so code executed through this flaw would run with those privileges.
This is a variation of the vulnerability discussed in Bugtraq ID 4157 / Microsoft Security Bulletin MS02-010. Reportedly, this issue differs from that one in the specific manner in which it may be exploited.