Description
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Exploits & proofs of concept
- nucleiMicrosoft Windows 'HTTP.sys' - Remote Code Executionby Phillipo
References
- MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034
- EXPLOIThttps://www.exploit-db.com/exploits/36773/
- MISChttp://www.osvdb.org/120629
- MISChttp://www.securitytracker.com/id/1032109
- MISChttp://www.securityfocus.com/bid/74013
- EXPLOIThttps://www.exploit-db.com/exploits/36776/
- EXPLOIThttp://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html