CVE-2026-47291 HTTP.sys Remote Code Execution Vulnerability

...

Microsoft HTTP.sys 安全漏洞

Microsoft HTTP.SYS is an HTTP application protocol developed by Microsoft Corporation. There are security vulnerabilities in Microsoft HTTP.SYS. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows 10 Version 1809 for 32-bit system...

KB5094042: Windows Server 2012 Security Update (June 2026)

The remote Windows host is missing security update 5094042. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. CVE-2026-47291 - Heap-based buffer overflow in Remote Desktop...

KB5094041: Windows Server 2012 R2 Security Update (June 2026)

The remote Windows host is missing security update 5094041. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. CVE-2026-47291 - Heap-based buffer overflow in Remote Desktop...

CVE-2026-33096 HTTP.sys Denial of Service Vulnerability

...

CVE-2026-21250 Windows HTTP.sys Elevation of Privilege Vulnerability

...

KLA90878 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, spoof user interface, obtain sensitive information, cause denial of service. Below is a...

Microsoft HTTP.sys 安全漏洞

Microsoft HTTP.SYS is an HTTP application protocol developed by Microsoft Corporation. There are security vulnerabilities in Microsoft HTTP.SYS. The following products and versions are affected: Windows 11 Version 26H1 for ARM64-based Systems, Windows 11 Version 26H1 for x64-based Systems, Window...

CVE-2025-53805

CVE-2025-53805 affects Windows Internet Information Services (IIS) via an out-of-bounds read in HTTP.sys, enabling an unauthenticated attacker to deny service over the network. The vulnerability is categorized as Denial-of-Service with network attack vector and high severity (CVSS 7.5, NETWORK/NO...

HTTP.sys Denial of Service Vulnerability

Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network...

CVE-2024-3955

CVE-2024-3955 affects CraftBeerPi 4 up to 4.4.1.a1. The issue arises when the URL parameter logtime in the downloadlog endpoint is passed from cbpi/http_endpoints/http_system.py to os.system in cbpi/controller/system_controller.py without validation, allowing arbitrary code execution. Multiple co...

CVE-2023-32084

HTTP.sys Denial of Service Vulnerability...

Microsoft HTTP.sys 安全漏洞

Microsoft HTTP.sys is an application protocol of Microsoft Corporation USA.HTTP application protocol. A security vulnerability exists in Microsoft HTTP.sys. An attacker could exploit this vulnerability to cause a denial of service on the system. The following products and versions are affected:...

CVE-2022-35748

HTTP.sys Denial of Service Vulnerability...

CVE-2022-41057

Windows HTTP.sys Elevation of Privilege Vulnerability...

Microsoft Windows 权限许可和访问控制问题漏洞

Microsoft HTTP.sys is an application protocol from Microsoft Corporation USA.HTTP Application Protocol. Microsoft HTTP.sys is vulnerable to privilege permission and access control issues. The following products and versions are affected: Windows Server version 20H2 Server Core Installation, Windo...