### [CVE-2015-1635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

### POC

#### Reference
- http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html
- https://www.exploit-db.com/exploits/36773/
- https://www.exploit-db.com/exploits/36776/

#### Github
- https://github.com/20142995/pocsuite3
- https://github.com/ACIC-Africa/metasploitable3
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Aquilao/Toy-Box
- https://github.com/Cappricio-Securities/CVE-2015-1635
- https://github.com/H3xL00m/CVE-2015-1635
- https://github.com/H3xL00m/CVE-2015-1635-POC
- https://github.com/Olysyan/MSS
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/SkinAir/ms15-034-Scan
- https://github.com/Sp3c73rSh4d0w/CVE-2015-1635
- https://github.com/Sp3c73rSh4d0w/CVE-2015-1635-POC
- https://github.com/Zx7ffa4512-Python/Project-CVE-2015-1635
- https://github.com/aedoo/CVE-2015-1635-POC
- https://github.com/ahm3dhany/IDS-Evasion
- https://github.com/akusilvennoinen/cybersecuritybase-project-2
- https://github.com/b1gbroth3r/shoMe
- https://github.com/bongbongco/MS15-034
- https://github.com/c0d3cr4f73r/CVE-2015-1635
- https://github.com/c0d3cr4f73r/CVE-2015-1635-POC
- https://github.com/crypticdante/CVE-2015-1635
- https://github.com/crypticdante/CVE-2015-1635-POC
- https://github.com/halencarjunior/MS15_034
- https://github.com/hanc00l/some_pocsuite
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/jamesb5959/HTTP.sys-Windows-Exec
- https://github.com/jiangminghua/Vulnerability-Remote-Code-Execution
- https://github.com/k4u5h41/CVE-2015-1635
- https://github.com/k4u5h41/CVE-2015-1635-POC
- https://github.com/kh4sh3i/exchange-penetration-testing
- https://github.com/leoambrus/CheckersNomisec
- https://github.com/limkokholefork/CVE-2015-1635
- https://github.com/lnick2023/nicenice
- https://github.com/n3ov4n1sh/CVE-2015-1635
- https://github.com/n3ov4n1sh/CVE-2015-1635-POC
- https://github.com/neu5ron/cve_2015-1635
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/reph0r/Poc-Exp-Tools
- https://github.com/reph0r/Shooting-Range
- https://github.com/reph0r/poc-exp
- https://github.com/reph0r/poc-exp-tools
- https://github.com/shipcod3/HTTPsys_rce
- https://github.com/technion/erlvulnscan
- https://github.com/twekkis/cybersecuritybase-project2
- https://github.com/u0pattern/Remove-IIS-RIIS
- https://github.com/w01ke/CVE-2015-1635-POC
- https://github.com/wiredaem0n/chk-ms15-034
- https://github.com/xPaw/HTTPsys
- https://github.com/xbl3/awesome-cve-poc_qazbnm456