Vulnerabilities > CVE-2009-0550 - Unspecified vulnerability in Microsoft products
Summary
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 20 |
Application | | 4 |
Msbulletin
bulletin_id MS09-013 bulletin_url date 2009-04-14T00:00:00 impact Remote Code Execution knowledgebase_id 960803 knowledgebase_url severity Critical title Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution bulletin_id MS09-014 bulletin_url date 2009-04-14T00:00:00 impact Remote Code Execution knowledgebase_id 963027 knowledgebase_url severity Critical title Cumulative Security Update for Internet Explorer
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS09-013.NASL description The version of Windows HTTP Services installed on the remote host is affected by several vulnerabilities : - An integer underflow triggered by a specially crafted response from a malicious web server (for example, during device discovery of UPnP devices on a network) may allow for arbitrary code execution. (CVE-2009-0086) - Incomplete validation of the distinguished name in a digital certificate may, in combination with other attacks, allow an attacker to successfully spoof the digital certificate of a third-party website. (CVE-2009-0089) - A flaw in the way that Windows HTTP Services handles NTLM credentials may allow an attacker to reflect back a user's credentials and thereby gain access as that user. (CVE-2009-0550) last seen 2020-06-01 modified 2020-06-02 plugin id 36151 published 2009-04-15 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36151 title MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) code # # (C) Tenable Network Security, Inc. 
#
# Plugin 36151: local check for bulletin MS09-013 (KB 960803).
# Per its own summary it "Checks version of Winhttp.dll": the file version found
# on the target is compared with a fixed version per OS / service pack, and the
# Server 2003 side-by-side (WinSxS) copies are checked separately.
# The hotfix_*, audit, NetUse* and kb_smb_* helpers come from the included
# libraries; their exact semantics are not visible in this listing.

include("compat.inc");

# Metadata registration. This branch runs only when `description` is set and
# ends with exit(0), so none of the checks below execute in that mode.
if (description)
{
  script_id(36151);
  script_version("1.35");
  script_cvs_date("Date: 2018/11/15 20:50:30");

  # One plugin covers three CVEs; CVE-2009-0550 is the NTLM credential
  # reflection issue, the other two are the underflow and certificate flaws.
  script_cve_id("CVE-2009-0086", "CVE-2009-0089", "CVE-2009-0550");
  script_bugtraq_id(34435, 34437, 34439);
  script_xref(name:"MSFT", value:"MS09-013");
  script_xref(name:"MSKB", value:"960803");
  script_xref(name:"IAVA", value:"2009-A-0034");

  script_name(english:"MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)");
  script_summary(english:"Checks version of Winhttp.dll");

  script_set_attribute(attribute:"synopsis", value: "The remote host contains an API that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value: "The version of Windows HTTP Services installed on the remote host is affected by several vulnerabilities : - An integer underflow triggered by a specially crafted response from a malicious web server (for example, during device discovery of UPnP devices on a network) may allow for arbitrary code execution. (CVE-2009-0086) - Incomplete validation of the distinguished name in a digital certificate may, in combination with other attacks, allow an attacker to successfully spoof the digital certificate of a third-party website. (CVE-2009-0089) - A flaw in the way that Windows HTTP Services handles NTLM credentials may allow an attacker to reflect back a user's credentials and thereby gain access as that user. 
(CVE-2009-0550)");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-013");
  script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008.");

  # CVSS v2 base: network vector, medium access complexity, no authentication,
  # complete impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # CVSS v2 temporal: functional exploit, official fix, confirmed report.
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(20, 189);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/15");

  # "local" plugin type: the result depends on reading files from the target,
  # not on probing the service remotely.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  # Prerequisites: two dependency plugins, one required KB key, and either an
  # SMB port or the patch-management KB entry.
  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');
  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

# Stop unless the KB says bulletin checks are possible for this host
# (presumably recorded by ms_bulletin_checks_possible.nasl -- confirm).
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS09-013';
kb = "960803";

kbs = make_list(kb);
# With patch-management data in the KB, the bulletin/KB pair is handed to
# hotfix_check_3rd_party(); whether that call returns is not visible here.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

# The file checks below need the registry enumeration and the Windows version
# to be present in the KB already.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# OS / service-pack gate for Windows 2000, XP and Vista (the strings are
# presumably "min,max" service-pack ranges -- confirm in smb_hotfixes.inc).
# NOTE(review): no win2003 argument is passed, although the solution text above
# names 2003 and a win2003 branch follows further down. If
# hotfix_check_sp_range() returns <= 0 for an OS it was not given, Server 2003
# hosts are audited out right here and the WinSxS check never runs, which would
# be a silent false negative -- verify against the library before relying on a
# clean result for Server 2003.
if (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', vista:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# Locate the system root and make sure the share that holds it can be reached;
# without it no file version can be read.
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# vuln counts how many checks flagged the host; any non-zero value reports it.
vuln = 0;
if (
  # Windows Vista and Windows Server 2008
  # Two version/min_version pairs per service pack: presumably one per
  # servicing branch of the same build -- confirm.
  hotfix_is_vulnerable(os:"6.0", sp:1, file:"Winhttp.dll", version:"6.0.6001.22323", min_version:"6.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:1, file:"Winhttp.dll", version:"6.0.6001.18178", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"Winhttp.dll", version:"6.0.6000.20971", min_version:"6.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"Winhttp.dll", version:"6.0.6000.16786", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows XP
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Winhttp.dll", version:"5.1.2600.5727", dir:"\System32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Winhttp.dll", version:"5.1.2600.3494", dir:"\System32", bulletin:bulletin, kb:kb) ||

  # Windows 2000
  hotfix_is_vulnerable(os:"5.0", file:"Winhttp.dll", version:"5.1.2600.3490", dir:"\System32", bulletin:bulletin, kb:kb)
) vuln++;

# Closes the file-version check phase before the separate SMB session below.
hotfix_check_fversion_end();

# Windows Server 2003: the checked copies of winhttp.dll are the ones under
# WinSxS, so this branch lists that directory over its own SMB session.
if (hotfix_check_sp(win2003:3) > 0)
{
  if (hotfix_check_sp(win2003:2) > 0) fixed_version = '5.2.3790.3262'; # fix for SP1 (and earlier)
  else fixed_version = '5.2.3790.4427'; # fix for SP2
  # NOTE(review): fixed_version is not read again in this listing; both fixed
  # versions are passed as literals to hotfix_check_winsxs() below.

  # SMB credentials and transport come from the scanner's knowledge base.
  # NOTE(review): port is assigned but not read again in this listing.
  login = kb_smb_login();
  pass = kb_smb_password();
  domain = kb_smb_domain();
  port = kb_smb_transport();

  if(! smb_session_init()) audit(AUDIT_FN_FAIL, "smb_session_init");

  # Mount the system share with the scan account; the stored credentials are
  # presented to the target here.
  r = NetUseAdd(login:login, password:pass, domain:domain, share:share);
  if ( r != 1 ) audit(AUDIT_SHARE_FAIL, share);

  # Drop the drive letter from the system root and append \WinSxS to get the
  # path relative to the share.
  winsxs = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1\WinSxS", string:rootfile);
  # Collect winhttp.dll files from directories matching the WinHTTP assembly name.
  files = list_dir(basedir:winsxs, level:0, dir_pat:"microsoft.windows.winhttp", file_pat:"^winhttp\.dll$");

  # One call per service pack, each with its own fixed version; the return
  # value is added to vuln.
  vuln += hotfix_check_winsxs(os:'5.2', sp:1, files:files, versions:make_list('5.2.3790.3262'), bulletin:bulletin, kb:kb);
  vuln += hotfix_check_winsxs(os:'5.2', sp:2, files:files, versions:make_list('5.2.3790.4427'), bulletin:bulletin, kb:kb);

  # Release the share connection opened by NetUseAdd above.
  NetUseDel();
}

# Report: record the missing bulletin in the KB and raise the finding, or audit
# the host as not affected.
if (vuln)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}
NASL family Windows NASL id WIN_SERVER_2008_NTLM_PCI.NASL description According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 108811 published 2018-04-03 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108811 title Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS) NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS09-014.NASL description The remote host is missing IE Security Update 963027. The remote version of IE is affected by several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 36152 published 2009-04-15 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36152 title MS09-014: Cumulative Security Update for Internet Explorer (963027)
Oval
accepted 2009-06-29T04:00:25.753-04:00 class vulnerability contributors name Kyle Key organization Gideon Technologies, Inc. name Brendan Miles organization The MITRE Corporation name J. Daniel Brown organization DTCC name Mike Lah organization The MITRE Corporation name Shane Shaffer organization G2, Inc.
definition_extensions comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows XP SP1 (64-bit) is installed oval oval:org.mitre.oval:def:480 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP1 (x86) is installed oval oval:org.mitre.oval:def:565 comment Microsoft Windows Server 2003 SP1 (x64) is installed oval oval:org.mitre.oval:def:4386 comment Microsoft Windows Server 2003 (ia64) SP1 is installed oval oval:org.mitre.oval:def:1205 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment 
Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667
description Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." family windows id oval:org.mitre.oval:def:5320 status deprecated submitted 2009-04-14T16:00:00 title Windows HTTP Services Credential Reflection Vulnerability version 75 accepted 2009-06-29T04:01:05.570-04:00 class vulnerability contributors name Dragos Prisaca organization Gideon Technologies, Inc. name Brendan Miles organization The MITRE Corporation name J. Daniel Brown organization DTCC
definition_extensions comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Internet Explorer 5.01 SP4 is installed oval oval:org.mitre.oval:def:325 comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows XP SP2 is installed oval oval:org.mitre.oval:def:521 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows Server 2003 SP1 (x86) is installed oval oval:org.mitre.oval:def:565 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows XP x64 Edition SP1 is installed oval oval:org.mitre.oval:def:720 comment Microsoft Windows Server 2003 SP1 (x64) is installed oval oval:org.mitre.oval:def:4386 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows Server 2003 (ia64) SP1 is installed oval oval:org.mitre.oval:def:1205 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows XP 
(x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows XP x64 Edition SP1 is installed oval oval:org.mitre.oval:def:720 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Internet Explorer 7 is installed oval oval:org.mitre.oval:def:627 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows XP x64 Edition SP1 is installed oval oval:org.mitre.oval:def:720 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Internet Explorer 7 is installed oval oval:org.mitre.oval:def:627 comment Microsoft Windows Server 2003 SP1 (x86) is installed oval oval:org.mitre.oval:def:565 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP1 (x64) is installed oval oval:org.mitre.oval:def:4386 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 (ia64) SP1 is installed oval oval:org.mitre.oval:def:1205 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Internet Explorer 7 is installed oval oval:org.mitre.oval:def:627 comment Microsoft Windows Server 2003 SP1 (x86) is installed oval oval:org.mitre.oval:def:565 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP1 (x64) is installed oval oval:org.mitre.oval:def:4386 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 (ia64) SP1 is installed oval oval:org.mitre.oval:def:1205 comment Microsoft 
Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Internet Explorer 7 is installed oval oval:org.mitre.oval:def:627 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 x64 Edition is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 Itanium-Based Edition is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 x64 Edition is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 Itanium-Based Edition is installed oval oval:org.mitre.oval:def:5667
description Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." family windows id oval:org.mitre.oval:def:6233 status deprecated submitted 2009-04-14T16:00:00 title WinINet Credential Reflection Vulnerability version 71 accepted 2014-08-18T04:06:30.302-04:00 class vulnerability contributors name J. Daniel Brown organization DTCC name Mike Lah organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Internet Explorer 5.01 SP4 is installed oval oval:org.mitre.oval:def:325 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows XP is installed oval oval:org.mitre.oval:def:105 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment 
Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Internet Explorer 7 is installed oval oval:org.mitre.oval:def:627 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Internet Explorer 7 is installed oval oval:org.mitre.oval:def:627 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Internet Explorer 7 is installed oval oval:org.mitre.oval:def:627 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Internet Explorer 7 is installed oval oval:org.mitre.oval:def:627 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) is 
installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval 
oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667
description Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." family windows id oval:org.mitre.oval:def:7569 status accepted submitted 2009-12-26T17:00:00.000-05:00 title WinINet and Windows HTTP Services Credential Reflection Vulnerability version 79
Saint
bid | 34439 |
description | Internet Explorer WinINet credential reflection vulnerability |
id | win_patch_ie_v5,win_patch_ie_v6,win_patch_ie_v7 |
osvdb | 53619 |
title | ie_wininet_credential_reflection |
type | client |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 34439 CVE(CAN) ID: CVE-2009-0550 Microsoft Windows是微软发布的非常流行的操作系统。 Windows的HTTP服务没有正确地实现NTLM凭据反射保护以确保用户的凭据没有被反射和使用。如果用户连接到了攻击者的WEB服务器,Windows HTTP服务处理NTLM凭据的方式允许攻击者重放用户凭据并以登录用户的权限执行任意代码。如果用户使用管理用户权限登录,成功利用此漏洞的攻击者便可完全控制受影响的系统。 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.0.1 SP4 Microsoft Windows XP x64 SP2 Microsoft Windows XP x64 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP1 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000 SP4 厂商补丁: Microsoft --------- Microsoft已经为此发布了两个安全公告(MS09-013/MS09-014)以及相应补丁: MS09-013:Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) 链接:http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx?pf=true MS09-014:Cumulative Security Update for Internet Explorer (963027) 链接:http://www.microsoft.com/technet/security/bulletin/MS09-014.mspx?pf=true |
id | SSV:5053 |
last seen | 2017-11-19 |
modified | 2009-04-16 |
published | 2009-04-16 |
reporter | Root |
title | Microsoft Windows NTLM凭据反射远程代码执行漏洞(MS09-013/MS09-014) |
References
- http://secunia.com/advisories/34678
- http://secunia.com/advisories/34677
- http://www.vupen.com/english/advisories/2009/1027
- http://www.us-cert.gov/cas/techalerts/TA09-104A.html
- http://www.vupen.com/english/advisories/2009/1028
- http://www.securitytracker.com/id?1022041
- http://osvdb.org/53619
- http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138
- http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx
- http://www.securityfocus.com/bid/34439
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013