Four Common Vulnerabilities Found in Third-Party Applications


Websites are often composed of several third-party applications that offer different services to users. E-commerce websites can sometimes find that these programs don’t always work in harmony. They may also contain hidden vulnerabilities that can be exploited by hackers, causing damage to your website and negatively impacting your customers. Price manipulation, buffer overflows, and remote command execution are vulnerabilities that regularly occur on e-commerce sites, but there are many others as well.


Price Manipulation

Customers usually shop online because they can do price comparisons and can find better deals than are available at brick-and-mortar stores. This price sensitivity can create problems for businesses if they have been hacked. One vulnerability of e-commerce shopping carts allows hackers to change the final price of a user’s purchases. Users don’t typically realize that the prices have been manipulated, but they will be upset if the cost is higher than they expected.
Businesses, on the other hand, may not even be aware of this vulnerability until they start losing business and receiving customer complaints. High-volume businesses, where it is difficult to monitor every single transaction, can fall victim to this type of attack.
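
Because high-volume stores cannot review every transaction by hand, the check can be automated. The following is an added example, not code from the original article or from any shopping cart product: it recomputes each order from the server-side catalogue and flags orders whose recorded prices or charged total disagree. The catalogue, order records and field names are constructed for illustration, and totals are assumed to carry no tax, shipping or discounts.

```python
from decimal import Decimal

# Constructed sample data: the server-side catalogue is the source of truth.
CATALOGUE = {
    "SKU-1001": Decimal("19.99"),
    "SKU-1002": Decimal("249.00"),
    "SKU-1003": Decimal("5.50"),
}

# Constructed order records as a hypothetical cart might have stored them.
ORDERS = [
    {"id": "A1", "charged": "45.48", "lines": [
        {"sku": "SKU-1001", "qty": 2, "unit_price": "19.99"},
        {"sku": "SKU-1003", "qty": 1, "unit_price": "5.50"}]},
    {"id": "A2", "charged": "1.00", "lines": [
        {"sku": "SKU-1002", "qty": 1, "unit_price": "1.00"}]},
    {"id": "A3", "charged": "30.00", "lines": [
        {"sku": "SKU-1001", "qty": 1, "unit_price": "19.99"}]},
    {"id": "A4", "charged": "5.50", "lines": [
        {"sku": "SKU-9999", "qty": 1, "unit_price": "5.50"}]},
]

def audit_order(order, catalogue):
    """Return the reasons an order disagrees with the catalogue (empty if none)."""
    reasons = []
    expected = Decimal("0")
    for line in order["lines"]:
        listed = catalogue.get(line["sku"])
        if listed is None:
            reasons.append(f"unknown sku {line['sku']}")
            continue
        if line["qty"] < 1:
            reasons.append(f"invalid quantity {line['qty']} for {line['sku']}")
            continue
        if Decimal(line["unit_price"]) != listed:
            reasons.append(f"unit price {line['unit_price']} != listed {listed} for {line['sku']}")
        expected += listed * line["qty"]
    charged = Decimal(order["charged"])
    if charged != expected:
        reasons.append(f"charged {charged} != expected {expected}")
    return reasons

def audit_orders(orders, catalogue):
    """Map order id -> reasons, for flagged orders only."""
    results = {o["id"]: audit_order(o, catalogue) for o in orders}
    return {oid: why for oid, why in results.items() if why}

if __name__ == "__main__":
    for oid, why in audit_orders(ORDERS, CATALOGUE).items():
        print(oid, "; ".join(why))
```

The same recomputation, run at checkout before payment is taken, rejects a mismatched order instead of only reporting it afterwards.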



Buffer Overflows

Buffer overflows are not unique to e-commerce websites. All websites are potentially vulnerable to open-ended statements that allow a request to go beyond standard parameters. If an e-commerce site is the victim of a buffer overflow, the hacker can obtain customer information that can be used to drain bank accounts or max out credit cards. Companies often don’t recover from this type of hacking, because customers will be reluctant to do business with them online after it becomes public knowledge that sensitive information has been stolen.


Remote Command Execution

Remote command execution is another vulnerability that is not unique to e-commerce websites, but again often affects shopping carts. A shopping cart URL can be hijacked if PHP scripts or Perl scripts are used. Once the commands have been executed, hackers can gain access to databases to change product codes, prices, or even insert false information in a company’s inventory. Before a company realizes it has been hacked, it can find itself flooded with calls from angry customers. This scenario can result in a substantial loss of business, which can be devastating for many smaller online retailers.


Windows Remote Desktop Client

Windows has a program that allows individuals to give permission to others, enabling the third party to remotely access a desktop computer. This remote access is often performed by tech support personnel to help individuals when they have had issues with software programs or Windows operating systems.
Windows announced a vulnerability in the Remote Desktop Client that can be exploited by hackers – meaning malicious users with the know-how can gain access at any time. E-commerce and other company websites are vulnerable if hackers use a customer’s desktop to gain access to their system. While this announcement has been made, many users remain unaware of the potential security issues that exist in Windows XP, Windows 7, or Windows 8.
All companies that do business on the Internet should be aware of potential vulnerabilities in third-party applications. E-commerce businesses should be aware of the potential problems that can occur with price manipulation, buffer overflows and remote command execution.


Businesses should also understand that threats can occur if a customer’s system has been hacked due to a third-party vulnerability like the one found in Windows Remote Desktop client. Constant vigilance is necessary to monitor and update company websites so that hackers can’t find third-party vulnerabilities and use them to cause significant damage to your business.