7.5 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.613 Medium
EPSS
Percentile
97.8%
Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka βWindows HTTP Services Integer Underflow Vulnerability.β
osvdb.org/53620
secunia.com/advisories/34677
www.securityfocus.com/bid/34435
www.securitytracker.com/id?1022041
www.us-cert.gov/cas/techalerts/TA09-104A.html
www.vupen.com/english/advisories/2009/1027
docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6149