9.3

CVE-2009-0550

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2000 Updatesp4
MicrosoftWindows Server 2003 Updatesp1 Editionitanium
MicrosoftWindows Server 2008 Editionitanium
MicrosoftWindows Vista Editionx64
MicrosoftWindows Vista Updatesp1
MicrosoftWindows Vista Versiongold
MicrosoftWindows Xp Editionpro_x64
MicrosoftWindows Xp Updatesp2
MicrosoftWindows Xp Updatesp2 Editionpro_x64
MicrosoftWindows Xp Updatesp3
MicrosoftWindows 2000 Updatesp4
MicrosoftIe Version6.0 Updatesp1
MicrosoftInternet Explorer Version5.01 Updatesp4
MicrosoftWindows Server 2003 Updatesp1 Editionitanium
MicrosoftWindows Xp Editionpro_x64
MicrosoftWindows Xp Updatesp2
MicrosoftWindows Xp Updatesp2 Editionpro_x64
MicrosoftWindows Xp Updatesp3
MicrosoftWindows Server 2003 Updatesp1 Editionitanium
MicrosoftWindows Server 2008 Edition32_bit
MicrosoftWindows Server 2008 Editionitanium
MicrosoftWindows Vista Editionx64
MicrosoftWindows Vista Updatesp1
MicrosoftWindows Vista Versiongold
MicrosoftWindows Xp Editionx64
MicrosoftWindows Xp Updatesp2
MicrosoftWindows Xp Updatesp2 Editionx64
MicrosoftWindows Xp Updatesp3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 38.59% 0.972
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C