10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.976 High
EPSS
Percentile
100.0%
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka “HTTP.sys Remote Code Execution Vulnerability.”
Recent assessments:
meikster at March 04, 2020 9:13am UTC reported:
This vulnerability can still be seen in some companies during internal assessments, however no working exploitation code exists. Only scanners/checkers. SecuritySift managed to achieve information disclosure, however information retrieved is generally not useful.
<http://www.securitysift.com/an-analysis-of-ms15-034/>
Assessed Attacker Value: 2
Assessed Attacker Value: 2Assessed Attacker Value: 1
packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html
www.osvdb.org/120629
www.securityfocus.com/bid/74013
www.securitytracker.com/id/1032109
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635
docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034
www.exploit-db.com/exploits/36773
www.exploit-db.com/exploits/36776