10

CVE-2015-1635

Warnung
Exploit
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8 Version-
MicrosoftWindows 8.1 Version-
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64

10.02.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft HTTP.sys Remote Code Execution Vulnerability

Schwachstelle

Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 100% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html
Third Party Advisory
Exploit
VDB Entry
http://www.osvdb.org/120629
Broken Link
http://www.securityfocus.com/bid/74013
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1032109
Third Party Advisory
Broken Link
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/36773/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/36776/
Third Party Advisory
Exploit
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635
US Government Resource