|MS13-039||Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)||Windows 8||Important||15-05-2013|
Brief overview of the risk:
The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to an affected Windows server or client.
Detailed Information on the risk:
A denial of service vulnerability exists in Windows Server 2012 and Windows 8 when the HTTP protocol stack (HTTP.sys) improperly handles a malicious HTTP header. An attacker who successfully exploited this vulnerability could trigger an infinite loop in the HTTP protocol stack by sending a specially crafted HTTP header to an affected Windows server or client.
Further information on this exploit is available at : MS13-039
Affected SoftwareWindows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)