An attacker in position of man-in-the-middle can access sensitive information from a client using a HTTP proxy with NTLM authentication to connect to the server. A remote attacker can crash a server and possibly execute arbitrary code on the affected host under specific conditions.