ID CVE-2009-0086
Summary Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Microsoft Windows Server 2008
    cpe:2.3:o:microsoft:windows_server_2008
  • cpe:2.3:o:microsoft:windows_server_2008:-:32_bit
    cpe:2.3:o:microsoft:windows_server_2008:-:32_bit
  • cpe:2.3:o:microsoft:windows_server_2008:-:itanium
    cpe:2.3:o:microsoft:windows_server_2008:-:itanium
  • cpe:2.3:o:microsoft:windows_server_2008:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:-:x64
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • cpe:2.3:o:microsoft:windows_vista:-:x64
    cpe:2.3:o:microsoft:windows_vista:-:x64
  • Microsoft Windows Vista Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_vista:-:sp1
  • Microsoft Windows Vista Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp1:x64
  • cpe:2.3:o:microsoft:windows_vista:gold
    cpe:2.3:o:microsoft:windows_vista:gold
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
CVSS
Base: 10.0 (as of 15-04-2009 - 09:25)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS09-013
bulletin_url
date 2009-04-14T00:00:00
impact Remote Code Execution
knowledgebase_id 960803
knowledgebase_url
severity Critical
title Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution
nessus via4
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS09-013.NASL
    description The version of Windows HTTP Services installed on the remote host is affected by several vulnerabilities : - An integer underflow triggered by a specially crafted response from a malicious web server (for example, during device discovery of UPnP devices on a network) may allow for arbitrary code execution. (CVE-2009-0086) - Incomplete validation of the distinguished name in a digital certificate may, in combination with other attacks, allow an attacker to successfully spoof the digital certificate of a third-party website. (CVE-2009-0089) - A flaw in the way that Windows HTTP Services handles NTLM credentials may allow an attacker to reflect back a user's credentials and thereby gain access as that user. (CVE-2009-0550)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 36151
    published 2009-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36151
    title MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
  • NASL family Windows
    NASL id WIN_SERVER_2008_NTLM_PCI.NASL
    description According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 108811
    published 2018-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108811
    title Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
oval via4
accepted 2013-04-29T04:17:44.484-04:00
class vulnerability
contributors
  • name Kyle Key
    organization Gideon Technologies, Inc.
  • name Brendan Miles
    organization The MITRE Corporation
  • name Mike Lah
    organization The MITRE Corporation
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:4873
  • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:5254
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:4873
  • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:5254
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
description Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
family windows
id oval:org.mitre.oval:def:6149
status accepted
submitted 2009-04-14T16:00:00
title Windows HTTP Services Integer Underflow Vulnerability
version 75
refmap via4
bid 34435
cert TA09-104A
ms MS09-013
osvdb 53620
sectrack 1022041
secunia 34677
vupen ADV-2009-1027
Last major update 21-08-2010 - 01:29
Published 15-04-2009 - 04:00
Last modified 26-02-2019 - 09:04
Back to Top