Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
microsoft windows vista gold |
||
microsoft windows xp |
||
microsoft windows 2000 |
||
microsoft windows server 2003 |
||
microsoft windows server 2008 |
||
microsoft windows vista |
||
microsoft windows_2000 |
||
microsoft ie 6.0 |
||
microsoft internet_explorer 5.01 |
||
microsoft internet_explorer 6 |
||
microsoft windows_server_2003 |
||
microsoft windows_xp |
||
microsoft internet_explorer 7 |
||
microsoft windows_server_2008 |
||
microsoft windows_vista |
||
microsoft windows_vista gold |
Vulmon