Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) |
Informations | |||
---|---|---|---|
Name | MS09-013 | First vendor Publication | 2009-04-14 |
Vendor | Microsoft | Last vendor Modification | 2009-04-29 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (April 29, 2009): Added entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to communicate that the Known issues with this security update section in the associated Microsoft Knowledge Base Article 960803 has been updated. This is an informational change only.Summary: This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5320 | |||
Oval ID: | oval:org.mitre.oval:def:5320 | ||
Title: | Windows HTTP Services Credential Reflection Vulnerability | ||
Description: | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0550 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6027 | |||
Oval ID: | oval:org.mitre.oval:def:6027 | ||
Title: | Windows HTTP Services Certificate Name Mismatch Vulnerability | ||
Description: | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0089 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6149 | |||
Oval ID: | oval:org.mitre.oval:def:6149 | ||
Title: | Windows HTTP Services Integer Underflow Vulnerability | ||
Description: | Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0086 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7569 | |||
Oval ID: | oval:org.mitre.oval:def:7569 | ||
Title: | WinINet and Windows HTTP Services Credential Reflection Vulnerability | ||
Description: | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0550 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 4 | |
Os | 5 | |
Os | 5 | |
Os | 4 |
SAINT Exploits
Description | Link |
---|---|
Internet Explorer WinINet credential reflection vulnerability | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-15 | Name : Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803) File : nvt/secpod_ms09-013.nasl |
2009-04-15 | Name : Microsoft Internet Explorer Remote Code Execution Vulnerability (963027) File : nvt/secpod_ms09-014.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53621 | Microsoft Windows HTTP Services Digital Certificate Distinguished Name Mismat... |
53620 | Microsoft Windows HTTP Services Web Server Response Unspecified Integer Under... A memory corruption flaw exists in Windows. WinHTTP.dll fails to properly parse the HTTP chunksize parameter resulting in an integer underflow. With a specially crafted HTTP response, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity. |
53619 | Microsoft Windows HTTP Services NTLM Credential Replay Privileged Code Execution |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-04-19 | IAVM : 2009-A-0034 - Microsoft Windows HTTP Services Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0018756 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 17723 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Telnet-based NTLM replay attack attempt RuleID : 15847 - Revision : 14 - Type : OS-WINDOWS |
2014-01-10 | Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt RuleID : 15462 - Revision : 20 - Type : BROWSER-OTHER |
2014-01-10 | WinHTTP SSL/TLS impersonation attempt RuleID : 15456 - Revision : 6 - Type : SERVER-OTHER |
2014-01-10 | SMB replay attempt via NTLMSSP - overlapping encryption keys detected RuleID : 15453 - Revision : 16 - Type : OS-WINDOWS |
2014-01-10 | Web-based NTLM replay attack attempt RuleID : 15124 - Revision : 17 - Type : OS-WINDOWS |
2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 15009 - Revision : 22 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-15 | Name : The remote host contains an API that is affected by multiple vulnerabilities. File : smb_nt_ms09-013.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms09-014.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:12 |
|
2014-01-19 21:30:18 |
|
2013-11-11 12:41:11 |
|