Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:1CCCF843AFBE2EAFA4B2ED362C5768AA
HistoryMay 04, 2009 - 12:00 a.m.

Internet Explorer WinINet credential reflection vulnerability

2009-05-0400:00:00
SAINT Corporation
download.saintcorporation.com
24

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.283 Low

EPSS

Percentile

96.4%

JSON

Added: 05/04/2009
CVE: CVE-2009-0550
BID: 34439
OSVDB: 53619

Background

The Windows Internet (WinINet) application programming interface (API) provides applications with an implementation of standard protocols such as FTP and HTTP.

Problem

An NTLM credential reflection vulnerability allows a remote web site to re-use a userโ€™s authentication response to gain unauthorized access to the userโ€™s system.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-014.

References

<http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx&gt;

Limitations

Exploit works on Windows XP and requires a user to load the exploit page in Internet Explorer. In some cases, the user will also need to provide authentication credentials in order to load the page.

If successful, this exploit will disable the firewall on the target.

Platforms

Windows XP

Related

checkpoint_advisories 1
saint 3
prion 1
cve 1
seebug 1
nessus 3
openvas 4
securityvulns 4
threatpost 1
mskb 1
checkpoint_advisories
checkpoint_advisories
Microsoft Windows HTTP Services Credential Reflection Code Execution (MS09-013; CVE-2009-0550)
2009-04-14 00:00:00
saint
saint
Internet Explorer WinINet credential reflection vulnerability
2009-05-04 00:00:00
Internet Explorer WinINet credential reflection vulnerability
2009-05-04 00:00:00
Internet Explorer WinINet credential reflection vulnerability
2009-05-04 00:00:00
prion
prion
Design/Logic Flaw
2009-04-15 08:00:00
cve
cve
CVE-2009-0550
2009-04-15 08:00:00
seebug
seebug
Microsoft Windows NTLMๅ‡ญๆฎๅๅฐ„่ฟœ็จ‹ไปฃ็ ๆ‰ง่กŒๆผๆดž๏ผˆMS09-013/MS09-014๏ผ‰
2009-04-16 00:00:00
nessus
nessus
MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
2009-04-15 00:00:00
MS09-014: Cumulative Security Update for Internet Explorer (963027)
2009-04-15 00:00:00
Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
2018-04-03 00:00:00
openvas
openvas
Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)
2009-04-15 00:00:00
Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)
2009-04-15 00:00:00
Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
2009-04-15 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution &#40;960803&#41;
2009-04-14 00:00:00
Microsoft Windows WinHTTP servive multiple security vulnerabilities
2009-04-14 00:00:00
Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer &#40;963027&#41;
2009-04-15 00:00:00
threatpost
threatpost
Microsoft plugs gaping holes in IE, Excel, Windows
2009-04-14 17:56:32
mskb
mskb
MS09-014: Cumulative security update for Internet Explorer
2012-07-18 16:19:51

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.283 Low

EPSS

Percentile

96.4%

JSON
Related for SAINT:1CCCF843AFBE2EAFA4B2ED362C5768AA
checkpoint_advisories1saint3prion1cve1seebug1nessus3openvas4securityvulns4threatpost1mskb1