HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
PoC代码[已公开]
id: CVE-2015-1635
info:
name: Microsoft Windows 'HTTP.sys' - Remote Code Execution
author: Phillipo
severity: critical
description: |
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
reference:
- https://www.exploit-db.com/exploits/36773
- https://www.securitysift.com/an-analysis-of-ms15-034/
- https://nvd.nist.gov/vuln/detail/CVE-2015-1635
- http://www.securitytracker.com/id/1032109
- https://github.com/b1gbroth3r/shoMe
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss-score: 10
cve-id: CVE-2015-1635
cwe-id: CWE-94
epss-score: 0.94299
epss-percentile: 0.99936
cpe: cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: microsoft
product: windows_7
shodan-query:
- '"Microsoft-IIS" "2015"'
- '"microsoft-iis" "2015"'
- cpe:"cpe:2.3:o:microsoft:windows_7"
tags: cve,cve2015,kev,microsoft,iis,rce
http:
- method: GET
path:
- "{{BaseURL}}"
headers:
Range: "bytes=0-18446744073709551615"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "HTTP Error 416"
- "The requested range is not satisfiable"
condition: and
- type: word
part: header
words:
- "Microsoft"
# digest: 4a0a00473045022100d693af312dce162013ac0989729f7c803eb38e396eab225b378dcf0a1770e833022032306000159e763667bc1de992da0370dc0f18648d910a7900cbd8a9da23d2f6:922c64590222798bb761d5b6d8e72950