9.3

CVE-2009-0550

EPSS 38.59%
Published 15.04.2009 08:00:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 19

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows Server 2003

Microsoft ≫ Windows Server 2003 Updatesp1

Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Server 2008 Editionitanium

Microsoft ≫ Windows Server 2008 Editionx32

Microsoft ≫ Windows Server 2008 Editionx64

Microsoft ≫ Windows Vista Editionx64

Microsoft ≫ Windows Vista Updatesp1

Microsoft ≫ Windows Vista Versiongold

Microsoft ≫ Windows Xp Editionpro_x64

Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionpro_x64

Microsoft ≫ Windows Xp Updatesp3

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Ie Version6.0 Updatesp1

Microsoft ≫ Internet Explorer Version5.01 Updatesp4

Microsoft ≫ Internet Explorer Version6

Microsoft ≫ Windows Server 2003

Microsoft ≫ Windows Server 2003 Updatesp1

Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Xp Editionpro_x64

Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionpro_x64

Microsoft ≫ Windows Xp Updatesp3

Microsoft ≫ Internet Explorer Version7

Microsoft ≫ Windows Server 2003

Microsoft ≫ Windows Server 2003 Updatesp1

Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Server 2008

Microsoft ≫ Windows Server 2008 Edition32_bit

Microsoft ≫ Windows Server 2008 Editionitanium

Microsoft ≫ Windows Server 2008 Editionx64

Microsoft ≫ Windows Vista

Microsoft ≫ Windows Vista Editionx64

Microsoft ≫ Windows Vista Updatesp1

Microsoft ≫ Windows Vista Versiongold

Microsoft ≫ Windows Xp Editionx64

Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionx64

Microsoft ≫ Windows Xp Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	38.59%	0.972

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://www.us-cert.gov/cas/techalerts/TA09-104A.html

US Government Resource

http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138

http://www.vupen.com/english/advisories/2009/1028

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014

http://secunia.com/advisories/34677

http://www.securitytracker.com/id?1022041

http://www.vupen.com/english/advisories/2009/1027

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013

http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx

http://osvdb.org/53619

http://secunia.com/advisories/34678

http://www.securityfocus.com/bid/34439

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569

https://nvd.nist.gov/vuln/detail/CVE-2009-0550

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0550

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0550

EUVD