CVE-2009-0550

Published: Apr 15, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."

Affected (24)

Products: Microsoft: Windows Server 2008, Windows 2000, Ie, Internet Explorer, Windows Xp, Windows Server 2003, Windows Vista

7 products

Windows Server 2008

Internet Explorer

Windows Server 2003

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Server 2008	All versions

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Ie	Version 6.0 sp1
Microsoft Internet Explorer	Version 5.01 sp4

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Configuration D

17 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	Version gold
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

References (32)

http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx

Source: secure@microsoft.com

http://osvdb.org/53619

Source: secure@microsoft.com

http://secunia.com/advisories/34677

Source: secure@microsoft.com

http://secunia.com/advisories/34678

Source: secure@microsoft.com

http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm

Source: secure@microsoft.com

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138

Source: secure@microsoft.com

http://www.securityfocus.com/bid/34439

Source: secure@microsoft.com

http://www.securitytracker.com/id?1022041

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA09-104A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2009/1027

Source: secure@microsoft.com

http://www.vupen.com/english/advisories/2009/1028

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569

Source: secure@microsoft.com

http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/53619

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34677

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34678

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34439

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1022041

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA09-104A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2009/1027

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1028

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.