Remote Command Execution Vulnerability in Microsoft Commerce Server 2000 Office Web Components
CVE-2002-0622

Currently unrated

Key Information:

Vendor: Microsoft
Status: Commerce Server
Vendor: CVE Published:; 3 July 2002

Summary

The Office Web Components (OWC) installer in Microsoft Commerce Server 2000 is vulnerable to remote command execution due to improper handling of commands. An attacker can exploit this vulnerability by sending specially crafted input to the OWC package installer. If successful, this could allow remote execution of arbitrary commands on the server, potentially leading to unauthorized access and control over the affected system.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/5111

vdb-entryx_refsource_BID

http://www.osvdb.org/5170

vdb-entryx_refsource_OSVDB

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
Jun 12, 2002