Microsoft Windows HTTP Protocol Stack CVE-2015-1635 Remote Code Execution Vulnerability



Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can leverage this issue to execute arbitrary code in the context of the system account. Failed exploit attempts will likely result in denial-of-service conditions.

Information

Bugtraq ID: 74013
Class: Design Error
CVE: CVE-2015-1635

Remote: Yes
Local: No
Published: Apr 14 2015 12:00AM
Updated: Aug 10 2017 06:10PM
Credit: Citrix Security Response Team
Vulnerable: Siemens SPECT/CT Systems 0
Siemens SPECT Workplaces/Symbia.net 0
Siemens SPECT Systems 0
Siemens PET/CT Systems 0
Microsoft Windows Server 2012 R2 0
Microsoft Windows Server 2012 0
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows 8 for x64-based Systems 0
Microsoft Windows 8 for 32-bit Systems 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Avaya Meeting Exchange - Webportal 6.2
Avaya Meeting Exchange - Webportal 6.0
Avaya Meeting Exchange - Webportal 5.2.1
Avaya Meeting Exchange - Webportal 5.2
Avaya Meeting Exchange - Webportal 5.0.1
Avaya Meeting Exchange - Webportal 5.0
Avaya Meeting Exchange - Web Conferencing Server 6.2
Avaya Meeting Exchange - Web Conferencing Server 6.0
Avaya Meeting Exchange - Web Conferencing Server 5.2.1
Avaya Meeting Exchange - Web Conferencing Server 5.2
Avaya Meeting Exchange - Web Conferencing Server 5.0.1
Avaya Meeting Exchange - Web Conferencing Server 5.0
Avaya Meeting Exchange - Streaming Server 6.2
Avaya Meeting Exchange - Streaming Server 6.0
Avaya Meeting Exchange - Streaming Server 5.2.1
Avaya Meeting Exchange - Streaming Server 5.2
Avaya Meeting Exchange - Streaming Server 5.0.1
Avaya Meeting Exchange - Streaming Server 5.0
Avaya Meeting Exchange - Recording Server 6.2
Avaya Meeting Exchange - Recording Server 6.0
Avaya Meeting Exchange - Recording Server 5.2.1
Avaya Meeting Exchange - Recording Server 5.2
Avaya Meeting Exchange - Recording Server 5.0.1
Avaya Meeting Exchange - Recording Server 5.0
Avaya Meeting Exchange - Client Registration Server 6.2
Avaya Meeting Exchange - Client Registration Server 6.0
Avaya Meeting Exchange - Client Registration Server 5.2.1
Avaya Meeting Exchange - Client Registration Server 5.2
Avaya Meeting Exchange - Client Registration Server 5.0.1
Avaya Meeting Exchange - Client Registration Server 5.0


Not Vulnerable:

Exploit


The following exploit code is available:
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.


Related Posts

Comments