Vulnerability Manager Plus

ms15-034: vulnerability in http.sys could allow remote code execution: april 14, 2015 for Windows 7 for x64-based Systems (KB3042553)

Risk Information

Base Score

9.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

94.31%

CVE Information

Source CVE
CVE-2015-1635

Associated CVE
CVE-2015-1635

Patch Details

Patch associated with this vulnerability is supported by ManageEngine.

Patch ID
17397

Patch Description
Security Update for Windows 7 for x64-based Systems (KB3042553)

References

http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html
http://technet.microsoft.com/security/bulletin/MS15-034
http://www.osvdb.org/120629
http://www.securityfocus.com/bid/74013
http://www.securitytracker.com/id/1032109
https://www.exploit-db.com/exploits/36773/
https://www.exploit-db.com/exploits/36776/