|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
A remote buffer overflow exists in Microsoft Commerce Server. The Office Web Component (OWC) package installer fails to handle malformed data, resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a DoS, resulting in a loss of confidentiality, integrity, and/or availability.
|
|
Classification |
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
|
|
Technical |
Exploitation would occur in the LocalSystem security context. Only Microsoft Commerce Server 2000 is susceptible to this vulnerability. By default, users have to authenticate to access this executable, so the risk posed is less severe.
|
|
Solution |
Install Microsoft Patch Q322273, as it has been reported to fix this vulnerability. It is also possible to correct the flaw with the following workaround: remove the OWC package installer. The OWC package installer is named BDOWC.EXE, is found in the directory /Program Files/Microsoft Commerce Server/widgets/owc, and can be deleted.
|
|
Products |
Commerce Server | 2000 | 2002 | 2000 SP1 | 2000 SP2 |
|
Credit |
- Mark Litchfield - mark ngssoftware.com - NGS Software