<< Back
CVE Number Vulnerability Product Severity Date
MS13-039 Vulnerability in HTTP.sys Could Allow Denial of Service (2829254) Windows 8 Important 15-05-2013

Technical Information

Brief overview of the risk:
The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to an affected Windows server or client.
Detailed Information on the risk:

A denial of service vulnerability exists in Windows Server 2012 and Windows 8 when the HTTP protocol stack (HTTP.sys) improperly handles a malicious HTTP header. An attacker who successfully exploited this vulnerability could trigger an infinite loop in the HTTP protocol stack by sending a specially crafted HTTP header to an affected Windows server or client.

Further information on this exploit is available at : MS13-039

Affected Software

Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)