MS09-013

MS09-013 is a set of 3 bugs in the Windows HTTP library. It affects any application using the winhttp.dll client library. It’s important to note that several services use this library, including UPnP and Java Update. Of most interest is an integer underrun, located in the ChunkFilter::Decode() method. An incorrectly used size field gets passed down to RtlMoveMemory(), which shifts the source address down 0xA bytes. The error occurs when a malicious web server uses chunked encoding and passes an overly large (negative) value.

This bug is not readily exploitable for remote code execution unless you can corrupt memory in such a way as to affect a thread stack and/or a function pointer.
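As an added example (not code from winhttp.dll or from the original post), the following C sketch shows the kind of validation a chunked-transfer decoder needs before a chunk size reaches a memory-move routine. The function names, the 32-bit signed limit and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not winhttp code): parse the hex chunk-size line.
 * On success returns 0, sets *size and *hdr_len (bytes through the CRLF). */
static int parse_chunk_size(const char *buf, size_t len, size_t *size, size_t *hdr_len)
{
    size_t v = 0, i = 0;
    for (; i < len; i++) {
        char c = buf[i];
        unsigned d;
        if (c >= '0' && c <= '9') d = (unsigned)(c - '0');
        else if (c >= 'a' && c <= 'f') d = (unsigned)(c - 'a') + 10;
        else if (c >= 'A' && c <= 'F') d = (unsigned)(c - 'A') + 10;
        else break;
        if (v > (SIZE_MAX >> 4)) return -1;      /* next shift would wrap */
        v = (v << 4) | d;
    }
    if (i == 0) return -1;                        /* no hex digits at all */
    /* Chunk extensions are not handled here: the size must end in CRLF. */
    if (len - i < 2 || buf[i] != '\r' || buf[i + 1] != '\n') return -1;
    *size = v;
    *hdr_len = i + 2;
    return 0;
}

/* Copy one chunk body into out. Returns bytes copied, or -1 on rejection. */
long decode_chunk(const char *in, size_t in_len, char *out, size_t out_cap)
{
    size_t size, hdr;
    if (parse_chunk_size(in, in_len, &size, &hdr) != 0) return -1;
    if (size > 0x7fffffffu) return -1;  /* negative if read as signed 32-bit */
    if (size > in_len - hdr) return -1; /* claims more data than was received */
    if (size > out_cap) return -1;      /* would overrun the destination */
    memmove(out, in + hdr, size);
    return (long)size;
}

int main(void)
{
    char out[16];
    const char ok[] = "5\r\nhello\r\n";          /* constructed sample */
    const char bad[] = "FFFFFFF6\r\nAAAA";        /* constructed sample */
    printf("%ld\n", decode_chunk(ok, sizeof ok - 1, out, sizeof out));
    printf("%ld\n", decode_chunk(bad, sizeof bad - 1, out, sizeof out));
    return 0;
}
```

The size is kept unsigned throughout and compared against both the bytes actually received and the destination capacity, so a value that would be negative as a signed integer is rejected before any copy takes place.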
