Intrusion Prevention

MS.Windows.HTTP.Services.Integer.Underflow

Description

This indicates an attack attempt against a Buffer Overflow vulnerability in Microsoft Windows HTTP Services (WinHTTP).
The vulnerability is caused because the vulnerable application fails to adequately sanitise user-supplied input. Attackers can exploit this to execute arbitrary code in the context of the user running the application. Successful exploits will compromise an affected system.

Affected Products

Windows XP Professional - sp2 (i386)
Windows XP Professional - sp3 (i386)
Windows Vista Ultimate - sp0 (i386)
Windows Vista Ultimate - sp1 (i386)

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor supplied patch for this issue.

CVE References

CVE-2009-0086