CVE-2015-1635

CVE-2015-1635

NVD Published Date: April 14, 2015 at 08:59 PM

NVD Last Modified: May 14, 2019 at 07:53 PM

Download Patch

Vulnerability ID

CVE-2015-1635

Severity

HIGH

Severity Score

10.0

Summary

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

References

http://www.securitytracker.com/id/1032109

https://www.exploit-db.com/exploits/36776/

https://www.exploit-db.com/exploits/36773/

http://www.securityfocus.com/bid/74013

http://www.osvdb.org/120629

http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034

Mitigation and Patches

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034

Exploits

https://www.exploit-db.com/exploits/36773

https://www.exploit-db.com/exploits/36776

https://gist.github.com/worawit/54f2e5a7a1a028191f76

https://github.com/xPaw/HTTPsys

https://github.com/technion/erlvulnscan

https://github.com/aedoo/CVE-2015-1635-POC

https://www.exploit-db.com/exploits/36776/

https://www.exploit-db.com/exploits/36773/

http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb

https://gist.github.com/worawit/54f2e5a7a1a028191f76

https://github.com/xPaw/HTTPsys

https://github.com/technion/erlvulnscan

https://github.com/aedoo/CVE-2015-1635-POC

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Metasploit Payload

http://technet.microsoft.com/en-us/security/bulletin/MS15-034

https://pastebin.com/ypURDPc4

https://github.com/rapid7/metasploit-framework/pull/5150

https://community.qualys.com/blogs/securitylabs/2015/04/20/ms15-034-analyze-and-remote-detection

http://www.securitysift.com/an-analysis-of-ms15-034/

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb

http://securitysift.com/an-analysis-of-ms15-034/

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE ID

CWE-94

Recent Publish

KB5041580

KB5041585

CVE-2010-5326

CVE-2019-7609

KB5041592

KB5002619

See More ...

See SecOps Solution
in action

Schedule Demo