Lucene search
K

33 matches found

Saint
Saint
added 2009/05/04 12:0 a.m.56 views

Internet Explorer WinINet credential reflection vulnerability

Added: 05/04/2009 CVE: CVE-2009-0550 BID: 34439 OSVDB: 53619 Background The Windows Internet WinINet application programming interface API provides applications with an implementation of standard protocols such as FTP and HTTP. Problem An NTLM credential reflection vulnerability allows a remote w...

9.3CVSS8.1AI score0.11749EPSS
Exploits5
Prion
Prion
added 2009/04/15 8:0 a.m.25 views

Design/Logic Flaw

Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows...

9.3CVSS7.5AI score0.11749EPSS
Exploits5References16Affected Software2
NVD
NVD
added 2009/04/15 8:0 a.m.34 views

CVE-2009-0550

Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows...

9.3CVSS6.9AI score0.11749EPSS
Exploits5References16
CVE
CVE
added 2009/04/15 3:49 a.m.116 views

CVE-2009-0550

CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...

9.3CVSS6.9AI score0.11749EPSS
Exploits5References16Affected Software5
Symantec
Symantec
added 2009/04/14 12:0 a.m.31 views

Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a vulnerability that could let attackers replay NTLM NT LAN Manager credentials. A successful exploit would let an attacker execute arbitrary code in the context of the affected user. Technologies Affected Avaya Messaging Application Server Avaya Messagin...

7.7AI score
Exploits0References1Affected Software11
Check Point Advisories
Check Point Advisories
added 2009/04/14 12:0 a.m.47 views

Microsoft Windows HTTP Services Credential Reflection Code Execution (MS09-013; CVE-2009-0550)

Windows HTTP Services WinHTTP provides developers with an HTTP client application programming interface API to send requests through the HTTP protocol to other HTTP servers. A remote code execution vulnerability has been reported in the way Microsoft Windows HTTP Services handles NTLM credentials...

9.3CVSS7.1AI score0.11749EPSS
Exploits5
securityvulns
securityvulns
added 2009/04/14 12:0 a.m.101 views

Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)

Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution 960803 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and two privately...

10CVSS0.8AI score0.1415EPSS
Exploits7
Prion
Prion
added 2008/12/10 2:0 p.m.16 views

Code injection

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through...

10CVSS7.9AI score0.15194EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2008/12/10 2:0 p.m.12 views

Design/Logic Flaw

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name SPN identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via...

10CVSS7.9AI score0.1583EPSS
Exploits1References8Affected Software3
NVD
NVD
added 2008/12/10 2:0 p.m.20 views

CVE-2008-3010

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through...

10CVSS7.6AI score0.15194EPSS
Exploits1References8
Cvelist
Cvelist
added 2008/12/10 1:33 p.m.26 views

CVE-2008-3010

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through...

7.6AI score0.15194EPSS
Exploits1References8
Prion
Prion
added 2008/11/12 11:30 p.m.26 views

Design/Logic Flaw

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential...

9.3CVSS7.9AI score0.59136EPSS
Exploits10References15Affected Software4
Cvelist
Cvelist
added 2008/11/12 11:0 p.m.49 views

CVE-2008-4037

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential...

7.2AI score0.59136EPSS
Exploits9References15
Rows per page
Query Builder