SecuritySpace - CVE-2009-2511

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2009-2511

Description: Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2009-2511
Cert/CC Advisory: TA09-286A
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
Microsoft Security Bulletin: MS09-056
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-056
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6186

CVE ID:	CVE-2009-2511
Description:	Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2511 Cert/CC Advisory: TA09-286A http://www.us-cert.gov/cas/techalerts/TA09-286A.html Microsoft Security Bulletin: MS09-056 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6186