cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::32_bit cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0086 2009-04-15T04:00:00.453-04:00 2017-09-28T21:33:37.137-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-04-15T09:25:00.000-04:00 ALLOWS_ADMIN_ACCESS SECTRACK 1022041 BID 34435 SECUNIA 34677 OSVDB 53620 VUPEN ADV-2009-1027 IAVM IAVM:2009-A-0034 MS MS09-013 CERT TA09-104A Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."