National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-0550)

National Cyber Awareness System

Vulnerability Summary for CVE-2009-0550

Original release date:04/15/2009

Last revised:08/21/2010

Source: US-CERT/NIST

Overview

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA09-104A

Name: TA09-104A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA09-104A.html

External Source: MS

Name: MS09-014

Type: Advisory; Patch Information

Hyperlink:http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx

External Source: MS

Name: MS09-013

Type: Advisory; Patch Information

Hyperlink:http://www.microsoft.com/technet/security/Bulletin/MS09-013.mspx

External Source: VUPEN

Name: ADV-2009-1028

Hyperlink:http://www.vupen.com/english/advisories/2009/1028

External Source: VUPEN

Name: ADV-2009-1027

Hyperlink:http://www.vupen.com/english/advisories/2009/1027

External Source: SECTRACK

Name: 1022041

Hyperlink:http://www.securitytracker.com/id?1022041

External Source: BID

Name: 34439

Hyperlink:http://www.securityfocus.com/bid/34439

External Source: CONFIRM

Name: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138

Hyperlink:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm

External Source: SECUNIA

Name: 34678

Hyperlink:http://secunia.com/advisories/34678

External Source: SECUNIA

Name: 34677

Hyperlink:http://secunia.com/advisories/34677

External Source: OVAL

Name: oval:org.mitre.oval:def:7569

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7569

External Source: OVAL

Name: oval:org.mitre.oval:def:6233

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6233

External Source: OVAL

Name: oval:org.mitre.oval:def:5320

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5320

External Source: OSVDB

Name: 53619

Hyperlink:http://osvdb.org/53619

External Source: MISC

Name: http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx

Hyperlink:http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx

References to Check Content

Identifier:oval:org.mitre.oval:def:6233

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:6233

Identifier:oval:org.mitre.oval:def:5320

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5320

Identifier:oval:org.mitre.oval:def:7569

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7569

Vulnerable software and versions

Configuration 1

* cpe:/o:microsoft:windows_xp:::pro_x64

* cpe:/o:microsoft:windows_xp::sp2:pro_x64

* cpe:/o:microsoft:windows_xp::sp2

* cpe:/o:microsoft:windows_xp::sp3

* cpe:/o:microsoft:windows_vista::sp1

* cpe:/o:microsoft:windows_vista:::x64

* cpe:/o:microsoft:windows_vista::sp1:x64

* cpe:/o:microsoft:windows_2000::sp4

* cpe:/o:microsoft:windows_vista:gold

* cpe:/o:microsoft:windows_server_2008:::itanium

* cpe:/o:microsoft:windows_server_2008:::x32

* cpe:/o:microsoft:windows_server_2008:::x64

* cpe:/o:microsoft:windows_server_2003::sp1

* cpe:/o:microsoft:windows_server_2003::sp2

* cpe:/o:microsoft:windows_server_2003::sp2:x64

* cpe:/o:microsoft:windows_server_2003:::x64

* cpe:/o:microsoft:windows_server_2003::sp1:itanium

* cpe:/o:microsoft:windows_server_2003::sp2:itanium

Configuration 2

AND

* cpe:/o:microsoft:windows_2000::sp4

* cpe:/a:microsoft:ie:5.01:sp4

* cpe:/a:microsoft:ie:6.0:sp1

Configuration 3

AND

* cpe:/a:microsoft:internet_explorer:6

* cpe:/o:microsoft:windows_xp::sp2

* cpe:/o:microsoft:windows_xp::sp3

* cpe:/o:microsoft:windows_server_2003::sp1

* cpe:/o:microsoft:windows_server_2003::sp2

* cpe:/o:microsoft:windows_xp:::pro_x64

* cpe:/o:microsoft:windows_xp::sp2:pro_x64

* cpe:/o:microsoft:windows_server_2003:::x64

* cpe:/o:microsoft:windows_server_2003::sp2:x64

* cpe:/o:microsoft:windows_server_2003::sp1:itanium

* cpe:/o:microsoft:windows_server_2003::sp2:itanium

Configuration 4

AND

* cpe:/a:microsoft:internet_explorer:7

* cpe:/o:microsoft:windows_xp::sp2

* cpe:/o:microsoft:windows_xp::sp3

* cpe:/o:microsoft:windows_vista::sp1

* cpe:/o:microsoft:windows_server_2008

* cpe:/o:microsoft:windows_server_2003::sp1

* cpe:/o:microsoft:windows_server_2003::sp2

* cpe:/o:microsoft:windows_vista:gold

* cpe:/o:microsoft:windows_server_2003::sp1:itanium

* cpe:/o:microsoft:windows_server_2003::sp2:itanium

* cpe:/o:microsoft:windows_vista

* cpe:/o:microsoft:windows_vista:::x64

* cpe:/o:microsoft:windows_vista::sp1:x64

* cpe:/o:microsoft:windows_server_2008:::32_bit

* cpe:/o:microsoft:windows_server_2008:::x64

* cpe:/o:microsoft:windows_server_2008:::itanium

* cpe:/o:microsoft:windows_xp:::x64

* cpe:/o:microsoft:windows_xp::sp2:x64

* cpe:/o:microsoft:windows_server_2003:::x64

* cpe:/o:microsoft:windows_server_2003::sp2:x64

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Other (NVD-CWE-Other)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0550