Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2009-04-15T03:49:00

Updated: 2024-08-07T04:40:05.067Z

Reserved: 2009-02-12T00:00:00

Link: CVE-2009-0550

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-04-15T08:00:00.593

Modified: 2024-11-21T01:00:17.863

Link: CVE-2009-0550

cve-icon Redhat

No data.