CVE-2015-1635
In short
A flaw in Windows' HTTP.sys component allows attackers to run malicious code on a computer by sending specially crafted HTTP requests over the network. This is critical because it can be exploited without authentication.
Technical detail
HTTP.sys in affected Windows versions contains a memory corruption vulnerability (CWE-94: Improper Control of Generation of Code) that can be triggered via malformed HTTP requests. An unauthenticated remote attacker can exploit this to achieve arbitrary code execution with the privileges of the HTTP.sys process, typically SYSTEM-level access.
Summary generated and translated by AI from the official description.
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 18
github · github.com/technion/erlvulnscan · ★ 10
github · github.com/aedoo/CVE-2015-1635-POC · ★ 9
github · github.com/h3x0v3rl0rd/CVE-2015-1635-POC · ★ 2
github · github.com/Zx7ffa4512-Python/Project-CVE-2015-1635 · ★ 2
github · github.com/Cappricio-Securities/CVE-2015-1635 · ★ 1
github · github.com/w01ke/CVE-2015-1635-POC · ★ 1
github · github.com/bongbongco/MS15-034 · ★ 1
github · github.com/wiredaem0n/chk-ms15-034 · ★ 0
github · github.com/moeinmiadi/CVE-2015-1635_PoC · ★ 0
github · github.com/hedgecore/HTTPsys · ★ 0
github · github.com/SkinAir/ms15-034-Scan · ★ 0
github · github.com/u0pattern/Remove-IIS-RIIS · ★ 0
github · github.com/h3x0v3rl0rd/CVE-2015-1635 · ★ 0
exploitdb · www.exploit-db.com/exploits/36776 · unverified
cve_reference · www.exploit-db.com/exploits/36773/ · unverified
cve_reference · www.exploit-db.com/exploits/36776/ · unverified
exploitdb · www.exploit-db.com/exploits/36773 · unverified
cve_reference · packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635
https://www.exploit-db.com/exploits/36773/
https://www.exploit-db.com/exploits/36776/
http://www.osvdb.org/120629
http://www.securityfocus.com/bid/74013
http://www.securitytracker.com/id/1032109