A memory corruption flaw exists in Windows. WinHTTP.dll fails to properly parse the HTTP chunksize parameter resulting in an integer underflow. With a specially crafted HTTP response, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity.

Microsoft has released a patch to address this vulnerability. Additionally, a user can make registry changes to mitigate this vulnerability without patching.

• Security Tracker: 1022041
• CVE ID: 2009-0086 (see also: NVD)
• Secunia Advisory ID: 34677
• SCIP VulDB ID: 3950
• Related OSVDB ID: 53619 53620 53621
• Microsoft Knowledge Base Article: 960803
• News Article: http://gcn.com/articles/2009/04/15/microsoft-april-security-patch.aspx
  http://www.eweek.com/c/a/Security/Micrsoft-Patch-Tuesday-Plugs-Security-Holes-as-Hackers-Circle-317813/
• Other Advisory URL: http://www.us-cert.gov/cas/techalerts/TA09-104A.html
  http://www.vupen.com/english/advisories/2009/1027
• Microsoft Security Bulletin: MS09-013

• Greg MacManus - iSIGHT Partners Labs