Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:3171
HistoryJul 04, 2002 - 12:00 a.m.

Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)

2002-07-0400:00:00
vulners.com
7
JSON

NGSSoftware Insight Security Research Advisory

Name: Microsoft Commerce Server 2000 & Commerce Server 2002
Systems Affected: WinNT, Win2K, XP
Severity: High Risk
Category: Buffer Overrun & Command Execution
Vendor URL: http://www.microsoft.com/
Authors: Mark Litchfield ([email protected]) & David Litchfield
([email protected])
Advisory URL: http://www.ngssoftware.com/advisories/ms-comsrvr.txt
Date: 3rd July 2002
Advisory number: #NISR03062002
VNA Reference: http://www.ngssoftware.com/vna/ms-comsrvr.txt

Description

Microsoft's Commerce Server 2000 and 2002 are web server products for
building e-commerce sites. These products provide tools and features that
simplify the development and deployment of e-commerce solutions and
analyzing site usage and performance. There are several remotely exploitable
buffer overruns in Commerce Server in disparate locations and a CGI
executable that allows the execution of arbitrary commands.

Details

The Profile Service of Microsoft Commerce Server 2000 allows remote
attackers to cause the server to fail or run arbitrary attacker supplied
code in the security context of the Local SYSTEM account. Several areas in
this service contain vulnerable code.

The Office Web Components (OWC) package installer used by Microsoft Commerce
Server 2000 allows remote attackers to cause the process to run arbitray
code in the LocalSystem security context by via input to the OWC package
installer. By default users have to authenticate to access this executable
so the risk posed is less severe in nature.

Again, the Office Web Components (OWC) package installer for Microsoft
Commerce Server 2000 allows remote attackers to execute commands by passing
the commands as input to the OWC package installer with a '/C' option.

Fix Information

NGSSoftware alerted Microsoft to these problems on the 6th March 2002. The
patches are available from:
Microsoft Commerce Server 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=39591
Microsoft Commerce Server 2002:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=39550

A check for these issues has been added to Typhon II, of which more
information is available from the NGSSite, http://www.ngssoftware.com.

Further Information

For further information about the scope and effects of buffer overflows,
please see

http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf

JSON