Windows HTTP.sys RCE via malformed Range header — wormable potential. Immediately apply MS15-034 patch. Disable IIS HTTP.sys as compensating control. The vulnerability affects all versions of Windows running IIS 6.0-10.0.
HTTP.sys in Microsoft Windows Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, 8.1, Server 2012 Gold/R2 allows remote attackers to execute arbitrary code via crafted HTTP requests. MS15-034.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →