The warning applies to system administrators running Microsoft's Commerce Server 2000 or Commerce Server 2002.

Four vulnerabilities were discovered in Commerce Server 2000, with one also affecting users of Commerce Server 2002. Each of the vulnerabilities could allow a hacker to run code of his or her choice.

Both versions of the software are vulnerable to a new variant of the ISAPI Filter vulnerability, which was originally patched in February. The flaw lies in the ISAPI filter, known in the software as AuthFilter, that provides support for a variety of authentication methods. The vulnerability exists because AuthFilter contains an unchecked buffer in a section of code that handles certain types of authentication requests.