CVE-2016-0150 — Microsoft Windows 10 vulnerability

CWE-194 documents4 sources

Severity

7.5HIGHNVD

EPSS

43.3%

top 2.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems Msrc Windows 10 FOR X64-based Systems +2 more

Timeline

PublishedApr 12

Latest updateMay 14

Description

HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1511_for_x64-based_systems

▶NVDmicrosoft/windows_101511

▶msrcmsrc/windows_10_for_32-bit_systems

▶msrcmsrc/windows_10_for_x64-based_systems

🔴Vulnerability Details

GHSA

GHSA-xq2v-ff2j-6gfv: HTTP↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution↗2015-09-28

▶

📋Vendor Advisories

Microsoft

HTTP.sys Denial of Service Vulnerability↗2016-04-12

▶