x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

MS09-056

 
Threat LevelLow threatDamageHighDistributionNot widespread
Type:Vulnerability
Affected platforms:

Windows 2003/XP/2000

worm, Trojan or backdoor. It is a group of important vulnerabilities in the Windows CryptoAPI on Windows 7/2008/Vista/2003/XP/2000 computers, which allows spoofing.

The CryptoAPI provides services that enable application developers to add encryption/decryption of data, authentication using digital certificates, and encoding to and decoding from Abstract Syntax Notation One (ASN.1) to their Windows-based applications.

If exploited successfully, MS09-056 allows an attacking user to impersonate another user and could lead the user to make incorrect trust decisions.

MS09-056 is usually exploited by convincing a Certificate Authority trusted by the client to sign a certificate containing a malformed Object Identifier. Then, the attacking user could set up a rogue website which serves this certificate to a Windows client. This client application would then incorrectly parse the Commnon Name field and offer incorrect trust information to the user.

 

If you have a Windows 7/2008/Vista/2003/XP/2000 computer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.