78 matches found
CVE-2009-0089
Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate...
CVE-2009-0550
Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows...
Design/Logic Flaw
Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate...
CVE-2009-0550
CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...
CVE-2009-0089
CVE-2009-0089 describes a vulnerability in Windows HTTP Services (WinHTTP) where remote servers could impersonate HTTPS sites via DNS spoofing and forward a connection to a host with a valid certificate for a different domain. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, and Vista...
CVE-2009-0086
CVE-2009-0086 describes an integer underflow in Windows HTTP Services (WinHTTP) that allows remote code execution when a remote server sends crafted values in a response. The vulnerability affects multiple Windows versions, including Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista (Gold/...
CVE-2009-0086
Integer underflow in Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windo...
Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)
This host is missing a critical security update according to Microsoft Bulletin MS09-013. OpenVAS Vulnerability Test $Id: secpodms09-013.nasl 5934 2017-04-11 12:28:28Z antu123 $ Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities 960803 Authors: Chandan S Updated By: Madhuri D...
PT-2009-2786 · Microsoft · Windows +1
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue is related to an integer underflow in Windows HTTP Services, allowing remote HTTP servers to execute arbitrary code via crafted parameter values in a response. This ...
PT-2009-2789 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: A spoofing issue exists due to incomplete validation of the distinguished name in a digital certificate. This can be combined with other attacks, such as DNS spoofing, allowin...
MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
The version of Windows HTTP Services installed on the remote host is affected by several vulnerabilities : - An integer underflow triggered by a specially crafted response from a malicious web server for example, during device discovery of UPnP devices on a network may allow for arbitrary code...
Windows HTTP Services Could Allow RCE Vulnerabilities (960803)
This host is missing a critical security update according to Microsoft Bulletin MS09-013. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution 960803 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and two privately...
Protection against Microsoft Windows HTTP Services Certificate Name Mismatch Remote Code Execution Vulnerability (MS09-013)
A spoofing vulnerability has been reported in Microsoft Windows HTTP Services. Windows HTTP Services WinHTTP provides developers with an HTTP client application programming interface API to send requests through the HTTP protocol to other HTTP servers. A remote attacker may exploit this issue to...
Microsoft Windows HTTP Services Credential Reflection Code Execution (MS09-013; CVE-2009-0550)
Windows HTTP Services WinHTTP provides developers with an HTTP client application programming interface API to send requests through the HTTP protocol to other HTTP servers. A remote code execution vulnerability has been reported in the way Microsoft Windows HTTP Services handles NTLM credentials...
Microsoft Windows HTTP Services Chunked Encoding Integer Underflow (MS09-013; CVE-2009-0086)
Windows HTTP Services WinHTTP provides developers with an HTTP client application programming interface API to send requests through the HTTP protocol to other HTTP servers. A remote code execution vulnerability has been reported in Microsoft Windows HTTP Services. The vulnerability is due to the...
Remote Denial of Service of HTTP server and client
giFT-FastTrack is susceptible to a remote Denial of Service attack which could allow a remote attacker to render HTTP services unusable. According to the developers, no code execution is possible; however, they recommend an immediate upgrade...
Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1 (KB842773)
Update for Background Intelligent Transfer Service BITS 2.0 and WinHTTP 5.1 KB842773...