New Search

Windows HTTP Services Credential Reflection Vulnerability

oval:org.mitre.oval:def:5320

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4 XP SP2 and SP3 Server 2003 SP1 and SP2 Vista Gold and SP1 and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4 6 SP1 6 and 7 on Windows XP SP2 and SP3 6 and 7 on Windows Server 2003 SP1 and SP2 7 on Windows Vista Gold and SP1 and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials and execute arbitrary code via vectors related to absence of a "credential-reflection protections" opt-in step aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."

Family:
windows
Status:
DEPRECATED
Platform(s):
  • Microsoft Windows XP
  • Microsoft Windows 2000
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista
Class:
vulnerability
Reference(s):
  • CVE-2009-0550
Product(s):