Neowin.net

Title: Unchecked Buffer in Profile Service Could Allow Code Execution in Commerce Server (Q322273)
Date: June 26, 2002
Software: Microsoft Commerce Server 2000, Commerce Server 2002
Impact: Four vulnerabilities, each of which could run code of attacker's choice.
Max Risk: Critical

Thanks you know who (hint: xStainDx) for the heads up on the Security Bulletin update. Commerce Server 2000 and Commerce Server 2002 are web server products for building e-commerce sites. These products provides tools and features that simplify developing and deploying e-commerce solutions, and provide tools that let the site administrator analyze the usage of their e-commerce site.

Four vulnerabilities exist in the Commerce Server products:
• A vulnerability that results because the Profile Service contains an unchecked buffer in a section of code that handles certain types of API calls. The Profile Service can be used to enable users to manage their own profile information and to research the status of their order. An attacker who provided specially malformed data to certain calls exposed by the Profile Service could cause the Commerce Server process to fail, or could run code in the LocalSystem security context. This vulnerability only affects Commerce Server 2000.
• A buffer overrun vulnerability in the Office Web Components (OWC) package installer used by Commerce Server. An attacker who provided specially malformed data as input to the OWC package installer could cause the process to fail, or could run code in the LocalSystem security context. This vulnerability only affects Commerce Server 2000.
• A vulnerability in the Office Web Components (OWC) package installer used by Commerce Server. An attacker who invoked the OWC package installer in a particular manner could cause commands to be run on the Commerce Server according to the privileges associated with the attacker's log on credentials. This vulnerability only affects Commerce Server 2000.
• A new variant of the ISAPI Filter vulnerability discussed in Microsoft Security Bulletin MS02-010. This variant affects both Commerce Server 2000 and Commerce Server 2002.

Download: Patch for Microsoft Commerce Server 2000
Download: Patch for Microsoft Commerce Server 2002
View: More information and patch availability

Today MSN announced it had signed up for services in Austria, Belgium, Denmark, Germany, the Netherlands, Norway, Switzerland and Turkey. This gives the service a potential user base of 24 million across Europe. This figure represents the total number of total subscribers for all participating telcos.

Last December, Microsoft signed similar deals to give mobile access to its Hotmail users in Austria, Denmark, the Netherlands, Norway, Switzerland and Turkey. Although Microsoft doesn't give out the detailed figures, users for the service are thought to number in the tens of thousands.

John Delaney, principal analyst at Ovum said the deal showed Microsoft was struggling to interest the larger mobile carriers in the technology. He said: "Microsoft has a much bigger leverage with the smaller carriers, and a lot of the carriers are still focused on multi-media messaging on GPRS as the future."