CVE-2015-1635 PoC — Microsoft Windows HTTP.sys 远程执行代码漏洞

Source

https://github.com/Zx7ffa4512-Python/Project-CVE-2015-1635

Associated Vulnerability

Title:Microsoft Windows HTTP.sys 远程执行代码漏洞 (CVE-2015-1635)
Description:HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

Description

CVE-2015-1635,MS15-034

Readme

# CVE-2015-1635
CVE-2015-1635,MS15-034


###漏洞检测
    USAGE python MS15-034.py www.xxx.com:80
[测试程序](https://github.com/Zx7ffa4512-Python/CVE-2015-1635/blob/master/MS15-034.py)

###HTTP.sys远程执行代码漏洞（CVE-2015-1635，MS15-034）

远程执行代码漏洞存在于 HTTP 协议堆栈 (HTTP.sys) 中，当 HTTP.sys 未正确分析经特殊设计的 HTTP 请求时会导致此漏洞。成功利用此漏洞的攻击者可以在系统帐户的上下文中执行任意代码。

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!