This Metasploit module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafted Accept-Encoding headers that was patched by Microsoft in May 2021, on vulnerable IIS servers. Successful exploitation will result in the target computer BSODing before subsequently rebooting. Note that the target IIS server may or may not come back up, this depends on the targets settings as to whether IIS is configured to start on reboot.
97a44dc1fe6ca954dc341018f61c578a60177d84f6f32df13fcea55667e3fca9Proof of concept exploit for the HTTP protocol stack remote code execution vulnerability related to a use-after-free dereference in http.sys.
57b80b9e078587b54adacd2238f1d1c7524d264e79d8cb9ed8c8fda53d586d9e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed