Skip to content
/ CVE-2021-31166 Public

PoC for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. Although it was defined as remote command execution, it can only cause the system to crash.

9 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

zha0gongz1/CVE-2021-31166

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
CVE-2021-31166.py
CVE-2021-31166.py
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2021-31166

0x00.Description

This is a proof of concept for CVE-2021-31166 ("HTTP Protocol Stack Remote Code Execution Vulnerability"), a use-after-free dereference in http.sys patched by Microsoft in May 2021.

As far as I know, it can only trigger the program to crash, please use it with caution.

0x01.Impact

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

0x02.Reference

HTTP Protocol Stack Remote Code Execution Vulnerability

About

PoC for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. Although it was defined as remote command execution, it can only cause the system to crash.

Topics

rce accept-encoding cve-2021-31166

Resources

Readme
Activity

Stars

9 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages