VDB
GSD-2015-1635
GSD-2015-1635
PUBLISHED
CVSS 9.800000190734863 CRITICAL
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Timeline
- Apr 14, 2015 CVE Published
- May 14, 2016 PoC Published
- Nov 23, 2016 PoC Published
- May 29, 2018 PoC Published
- Jun 14, 2023 PoC Published
- Dec 24, 2024 PoC Published
- Feb 6, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Feb 2, 2026 PoC Published
References
- 120629 vdb
- 1032109 vdb
- 74013 vdb
- MS15-034 advisory
- 36773 exploit
- 36776 exploit
- http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635 advisory