ByteOS Network

NVD Vulnerability Details :

CVE-2015-1635

Analyzed

Source-secure@microsoft.com

View Known Exploited Vulnerability (KEV) details

Published At-14 Apr, 2015 | 20:59

Updated At-22 Apr, 2026 | 16:42

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

CISA Catalog

Date Added	Due Date	Vulnerability Name	Required Action
2022-02-10	2022-08-10	Microsoft HTTP.sys Remote Code Execution Vulnerability	Apply updates per vendor instructions.

Date Added: 2022-02-10

Due Date: 2022-08-10

Vulnerability Name: Microsoft HTTP.sys Remote Code Execution Vulnerability

Required Action: Apply updates per vendor instructions.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Secondary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-94	Primary	nvd@nist.gov
CWE-94	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-94

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-94

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html	secure@microsoft.com	Exploit Third Party Advisory VDB Entry
http://www.osvdb.org/120629	secure@microsoft.com	Broken Link
http://www.securityfocus.com/bid/74013	secure@microsoft.com	Third Party Advisory VDB Entry Broken Link
http://www.securitytracker.com/id/1032109	secure@microsoft.com	Third Party Advisory VDB Entry Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034	secure@microsoft.com	Patch Vendor Advisory
https://www.exploit-db.com/exploits/36773/	secure@microsoft.com	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/36776/	secure@microsoft.com	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
http://www.osvdb.org/120629	af854a3a-2127-422b-91ae-364da2661108	Broken Link
http://www.securityfocus.com/bid/74013	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry Broken Link
http://www.securitytracker.com/id/1032109	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://www.exploit-db.com/exploits/36773/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/36776/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635	134c704f-9b21-4f2e-91b3-4a467353bcc0	US Government Resource