CVE-2009-0086

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description The issue is related to an integer underflow in Windows HTTP Services, allowing remote HTTP servers to execute arbitrary code via crafted parameter values in a response. This is due to improper error handling. A remote code execution vulnerability exists in the way that Windows HTTP Services handle specific values returned by a remote Web server. An attacker who successfully exploits this could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with the same user rights as the service or application that calls the WinHTTP API to connect to the attacker's Web server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.