CVE-2009-0550

Name of the Vulnerable Software and Affected Versions Windows HTTP Services versions 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 WinINet in Microsoft Internet Explorer versions 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008

Description A remote code execution issue exists due to the way Windows HTTP Services and WinINet handle NTLM credentials when a user connects to a remote web server via the HTTP protocol. This allows an attacker to capture and replay the user's NTLM credentials and execute arbitrary code in the context of the logged-on user. If the user has administrative rights, the attacker could gain complete control of the system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Windows HTTP Services versions 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, consider disabling the NTLM credential handling feature until a patch is available. For WinINet in Microsoft Internet Explorer versions 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008, restrict access to the NTLM credential handling functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.