23 matches found
Windows IIS HTTP Protocol Stack Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...
Exploit for Use After Free in Microsoft
Home-Demolisher PoC for CVE-2021-31166 and CVE-2022-21907...
VulnCheck KEV: CVE-2021-31166
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution...
Windows IIS HTTP Protocol Stack DOS
This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafted Accept-Encoding headers that was patched by Microsoft in May 2021, on vulnerable IIS servers. Successful exploitation will result in the target computer BSOD'ing before subsequently rebooting. Note that the...
Exploit for Use After Free in Microsoft
CVE-2021-31166 Why I recently wrote an exploit for CVE-20...
Exploit for Use After Free in Microsoft
PoC exploit for CVE-2021-31166, a Windows HTTP protocol stack re...
Exploit for Use After Free in Microsoft
CVE-2021-31166-Exploit Exploit for MS Http Protocol Stack RCE...
Windows PoC Exploit Released for Wormable RCE
A researcher has released a proof-of-concept PoC exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack http.sys that could lead to wormable remote code execution RCE. Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch...
Exploit for Use After Free in Microsoft
CVE-2021-31166 si...
Exploit for Use After Free in Microsoft
CVE-2021-31166 is a remote code execution vulnerability in the HTTP protocol stack. It is a use-after-free dereference bug in the http!UlpParseContentCoding function. The bug occurs when the function appends items to a local list without nulling it out, leaving them dangling in the Request object...
Exploit for Use After Free in Microsoft
CVE-2021-31166 Detection of attempts to exploit CVE-2021-31166...
Exploit for Use After Free in Microsoft
CVE-2021-31166 Detection Rules Different rules to detect if CV...
Exploit for Use After Free in Microsoft
CVE-2021-31166 0x00.Description This is a proof of concept...
Exploit for Use After Free in Microsoft
CVE-2021-31166 0x00.Description This is a proof of concept...
CVE-2021-31166
creationtimestamp| type| source ---|---|--- 2021-05-12 13:59:45+00:00| seen| https://t.me/thehackernews/1212 2021-05-15 14:00:18+00:00| seen| https://t.me/HackerOne/3005 2021-05-17 06:35:10+00:00| published-proof-of-concept| https://t.me/cKure/5378 2021-05-17 12:23:36+00:00|...
Get patching! Wormable Windows flaw headlines Patch Tuesday
It looks like patching a wormable Remote Code Execution RCE bug in the HTTP stack of Windows 10 and Windows Server is likely to be top of most sysadmins todo lists after reading Mays Patch Tuesday updates. The monthly bug bonanza also features three other critical items among its 55 patches...
Latest Microsoft Windows Updates Patch Dozens of Security Flaws
Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one ...
Microsoft HTTP Protocol Stack Remote Code Execution (CVE-2021-31166)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Patch Tuesday - May 2021
Here we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of the...
Microsoft Patch Tuesday, May 2021 Edition
Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are...