| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS13-039 | Vulnerability in HTTP.sys Could Allow Denial of Service (2829254) | Windows 8 | Important | 15-05-2013 |
Technical Information
Brief overview of the risk:
The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to an affected Windows server or client.
Detailed Information on the risk:
A denial of service vulnerability exists in Windows Server 2012 and Windows 8 when the HTTP protocol stack (HTTP.sys) improperly handles a malicious HTTP header. An attacker who successfully exploited this vulnerability could trigger an infinite loop in the HTTP protocol stack by sending a specially crafted HTTP header to an affected Windows server or client.
Further information on this exploit is available at : MS13-039
Affected Software
Windows 8 for 32-bit SystemsWindows 8 for 64-bit Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)