What is the severity of CVE-2009-0086?

CVE-2009-0086 is rated as a critical vulnerability due to its potential to allow remote code execution.

How do I fix CVE-2009-0086?

To mitigate CVE-2009-0086, it is recommended to install the latest security updates provided by Microsoft for affected Windows versions.

Which Windows versions are affected by CVE-2009-0086?

CVE-2009-0086 affects multiple versions including Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista, and Server 2008.

What type of attack can exploit CVE-2009-0086?

CVE-2009-0086 can be exploited through crafted parameter values in HTTP responses from remote servers.

Is there a workaround for CVE-2009-0086 until I can apply a patch?

A temporary workaround for CVE-2009-0086 includes restricting access to vulnerable services or disabling unnecessary HTTP features.

Vulnerability/
CVE-2009-0086

critical

CWE

189

15/4/2009

7/12/2023

CVE-2009-0086

First published: Wed Apr 15 2009(Updated: )

Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows 2000	=sp4
Microsoft Windows Server 2003
Microsoft Windows Server 2003	=sp1
Microsoft Windows Server 2003	=sp1
Microsoft Windows Server 2003	=sp2
Microsoft Windows Server 2008 Itanium
Microsoft Windows Server 2008 Itanium
Microsoft Windows Server 2008 Itanium
Microsoft Windows Server 2008 Itanium
Microsoft Windows Vista
Microsoft Windows Vista
Microsoft Windows Vista	=sp1
Microsoft Windows Vista	=gold
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp3
Microsoft Windows Vista	=sp1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0086?
CVE-2009-0086 is rated as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2009-0086?
To mitigate CVE-2009-0086, it is recommended to install the latest security updates provided by Microsoft for affected Windows versions.
Which Windows versions are affected by CVE-2009-0086?
CVE-2009-0086 affects multiple versions including Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista, and Server 2008.
What type of attack can exploit CVE-2009-0086?
CVE-2009-0086 can be exploited through crafted parameter values in HTTP responses from remote servers.
Is there a workaround for CVE-2009-0086 until I can apply a patch?
A temporary workaround for CVE-2009-0086 includes restricting access to vulnerable services or disabling unnecessary HTTP features.

agent/references
agent/author
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/weakness
agent/severity
agent/tags
agent/description
agent/event
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-historical
collector/nvd-index
vendor/microsoft
canonical/microsoft windows 2000
version/microsoft windows 2000/sp4
canonical/microsoft windows server 2003
version/microsoft windows server 2003/sp1
version/microsoft windows server 2003/sp2
canonical/microsoft windows server 2008 itanium
canonical/microsoft windows vista
version/microsoft windows vista/sp1
version/microsoft windows vista/gold
canonical/microsoft windows xp
version/microsoft windows xp/sp2
version/microsoft windows xp/sp3

Frequently Asked Questions

What is the severity of CVE-2009-0086?
CVE-2009-0086 is rated as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2009-0086?
To mitigate CVE-2009-0086, it is recommended to install the latest security updates provided by Microsoft for affected Windows versions.
Which Windows versions are affected by CVE-2009-0086?
CVE-2009-0086 affects multiple versions including Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista, and Server 2008.
What type of attack can exploit CVE-2009-0086?
CVE-2009-0086 can be exploited through crafted parameter values in HTTP responses from remote servers.
Is there a workaround for CVE-2009-0086 until I can apply a patch?
A temporary workaround for CVE-2009-0086 includes restricting access to vulnerable services or disabling unnecessary HTTP features.

CVE-2009-0086

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0086?

How do I fix CVE-2009-0086?

Which Windows versions are affected by CVE-2009-0086?

What type of attack can exploit CVE-2009-0086?

Is there a workaround for CVE-2009-0086 until I can apply a patch?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2009-0086?

How do I fix CVE-2009-0086?

Which Windows versions are affected by CVE-2009-0086?

What type of attack can exploit CVE-2009-0086?

Is there a workaround for CVE-2009-0086 until I can apply a patch?