Lucene search

K
saintSAINT CorporationSAINT:6CF3F624D444F4978352BD252D99FF52
HistoryMay 04, 2009 - 12:00 a.m.

Internet Explorer WinINet credential reflection vulnerability

2009-05-0400:00:00
SAINT Corporation
www.saintcorporation.com
22

0.283 Low

EPSS

Percentile

96.4%

Added: 05/04/2009
CVE: CVE-2009-0550
BID: 34439
OSVDB: 53619

Background

The Windows Internet (WinINet) application programming interface (API) provides applications with an implementation of standard protocols such as FTP and HTTP.

Problem

An NTLM credential reflection vulnerability allows a remote web site to re-use a userโ€™s authentication response to gain unauthorized access to the userโ€™s system.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-014.

References

<http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx&gt;

Limitations

Exploit works on Windows XP and requires a user to load the exploit page in Internet Explorer. In some cases, the user will also need to provide authentication credentials in order to load the page.

If successful, this exploit will disable the firewall on the target.

Platforms

Windows XP

0.283 Low

EPSS

Percentile

96.4%