Microsoft Windows HTTP Services Multiple Vulnerabilities

Submitted Tuesday, April 14, 2009 @ 04:14 PMMicrosoft company information - ( Microsoft News )secunia.com -- Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to conduct spoofing attacks or compromise a user's system.1) An integer underflow error in Windows HTTP Services can be exploited to execute arbitrary code via a specially crafted parameter returned by a malicious web server.2) An error in Windows HTTP Services while validating the distinguished name of a certificate can be exploited to spoof a valid certificate.Successful exploitation requires the ability to perform DNS spoofing attacks.3) An error in Windows HTTP Services can be exploited to reflect NTLM credentials and execute arbitrary code by tricking a user into connecting to a malicious web server. See the complete story here.