10

CVE-2015-1635

Warning
Exploit

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8 Version-
MicrosoftWindows 8.1 Version-
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64

10.02.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft HTTP.sys Remote Code Execution Vulnerability

Vulnerability

Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 94.31% 0.999
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.securityfocus.com/bid/74013
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032109
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/36773/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/36776/
Third Party Advisory
Exploit
VDB Entry