Public exploits available
A vulnerability exists in the ISAPI filter used by Commerce Support because it fails to properly check a buffer. This could cause remote code execution.
It could be possible for the attacker to run code of their choice on the Commerce Server system.
The Commerce Server Profile Service is used by web sites to provide users with the ability to manage their own profile information. The vulnerability results because an API method in the Profile Service contains an unchecked buffer. This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could gain complete control over an affected IIS server.
All applications not on the affected list.
No known false positives at this time.