MS 15-034 - HTTP.sys Remote Code Execution Vulnerability

MS 15-034

This vulnerability was initially exploited as DoS but also has potential to be used as Remote Code Execution. Microsoft has already implemented a patch for the same.

Affected Systems

All versions of windows

  • Windows 8 / 8.1
  • Windows 2003 Server

Manual Verification Tests

  • Command to be used

curl -v [ipaddress]/ -H "Host: test" -H "Range: bytes=0-18446744073709551615"

OR

wget -O /dev/null --header="Range: 0-18446744073709551615" http://[ip address]/

  • Result Expected

Test Fail: Machine Vulnerable : 416 HTTP ERROR

Test Pass: Machine Not Vulnerable : Any error or response other then 416 HTTP Error

Vulnerability Identifications

CVE : 2015-1635
NESSUS : 82771
BUGTrack : 74013
OSVDB :

Reference Links

  • https://community.qualys.com/blogs/securitylabs/2015/04/20/ms15-034-analyze-and-remote-detection
  • https://technet.microsoft.com/security/bulletin/MS15-034