Buffer Overflow in Microsoft Commerce Server 2000's Office Web Components Installer
CVE-2002-0621

Currently unrated

Key Information:

Vendor: Microsoft
Status: Commerce Server
Vendor: CVE Published:; 3 July 2002

Summary

A vulnerability exists in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000, which allows remote attackers to exploit a buffer overflow. This exploitation can lead to the execution of arbitrary code within the LocalSystem security context or can cause the process to terminate unexpectedly. This issue arises from improper handling of input by the OWC package installer, allowing attackers to leverage crafted input to manipulate the application's behavior, posing significant risks to the integrity and security of affected systems.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.osvdb.org/5172

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/5108

vdb-entryx_refsource_BID

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
Jun 12, 2002