Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:6CF3F624D444F4978352BD252D99FF52
HistoryMay 04, 2009 - 12:00 a.m.

Internet Explorer WinINet credential reflection vulnerability

2009-05-0400:00:00
SAINT Corporation
www.saintcorporation.com
22

0.283 Low

EPSS

Percentile

96.4%

JSON

Added: 05/04/2009
CVE: CVE-2009-0550
BID: 34439
OSVDB: 53619

Background

The Windows Internet (WinINet) application programming interface (API) provides applications with an implementation of standard protocols such as FTP and HTTP.

Problem

An NTLM credential reflection vulnerability allows a remote web site to re-use a userโ€™s authentication response to gain unauthorized access to the userโ€™s system.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-014.

References

<http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx&gt;

Limitations

Exploit works on Windows XP and requires a user to load the exploit page in Internet Explorer. In some cases, the user will also need to provide authentication credentials in order to load the page.

If successful, this exploit will disable the firewall on the target.

Platforms

Windows XP

Related

checkpoint_advisories 1
saint 3
prion 1
cve 1
seebug 1
securityvulns 4
openvas 4
nessus 3
threatpost 1
mskb 1
checkpoint_advisories
checkpoint_advisories
Microsoft Windows HTTP Services Credential Reflection Code Execution (MS09-013; CVE-2009-0550)
2009-04-14 00:00:00
saint
saint
Internet Explorer WinINet credential reflection vulnerability
2009-05-04 00:00:00
Internet Explorer WinINet credential reflection vulnerability
2009-05-04 00:00:00
Internet Explorer WinINet credential reflection vulnerability
2009-05-04 00:00:00
prion
prion
Design/Logic Flaw
2009-04-15 08:00:00
cve
cve
CVE-2009-0550
2009-04-15 08:00:00
seebug
seebug
Microsoft Windows NTLMๅ‡ญๆฎๅๅฐ„่ฟœ็จ‹ไปฃ็ ๆ‰ง่กŒๆผๆดž๏ผˆMS09-013/MS09-014๏ผ‰
2009-04-16 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution &#40;960803&#41;
2009-04-14 00:00:00
Microsoft Windows WinHTTP servive multiple security vulnerabilities
2009-04-14 00:00:00
Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer &#40;963027&#41;
2009-04-15 00:00:00
openvas
openvas
Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)
2009-04-15 00:00:00
Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)
2009-04-15 00:00:00
Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
2009-04-15 00:00:00
nessus
nessus
MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
2009-04-15 00:00:00
MS09-014: Cumulative Security Update for Internet Explorer (963027)
2009-04-15 00:00:00
Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
2018-04-03 00:00:00
threatpost
threatpost
Microsoft plugs gaping holes in IE, Excel, Windows
2009-04-14 17:56:32
mskb
mskb
MS09-014: Cumulative security update for Internet Explorer
2012-07-18 16:19:51

0.283 Low

EPSS

Percentile

96.4%

JSON
Related for SAINT:6CF3F624D444F4978352BD252D99FF52
checkpoint_advisories1saint3prion1cve1seebug1securityvulns4openvas4nessus3threatpost1mskb1