Lucene search

K
attackerkbAttackerKBAKB:AFD63479-75F9-45C2-81E4-F551BD3C99C5
HistoryApr 14, 2015 - 12:00 a.m.

CVE-2015-1635

2015-04-1400:00:00
attackerkb.com
25

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.976 High

EPSS

Percentile

100.0%

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka “HTTP.sys Remote Code Execution Vulnerability.”

Recent assessments:

meikster at March 04, 2020 9:13am UTC reported:

This vulnerability can still be seen in some companies during internal assessments, however no working exploitation code exists. Only scanners/checkers. SecuritySift managed to achieve information disclosure, however information retrieved is generally not useful.
<http://www.securitysift.com/an-analysis-of-ms15-034/&gt;

Assessed Attacker Value: 2
Assessed Attacker Value: 2Assessed Attacker Value: 1

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.976 High

EPSS

Percentile

100.0%