Exploit for #VU59392 Buffer overflow

Published: 2022-01-17 | Updated: 2022-11-22

Vulnerability identifier: #VU59392

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-21907

CWE-ID: CWE-119

Exploitation vector: Network

Exploits in database: 13

November 22, 2022
- Home-Demolisher (PoC for CVE-2021-31166 and CVE-2022-21907) [Github]
October 31, 2022
- CVE-2022-21907 (POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability.) [Github]
May 23, 2022
- cve-2022-21907-http.sys (An unauthenticated attacker can send an HTTP request with an "Accept-Encoding" HTTP request header triggering a double free in the unknown coding-list inside the HTTP Protocol Stack (http.sys) to process packets, resulting in a ke [Github]
May 11, 2022
- cve-2022-21907 (Multithread Golang application) [Github]
April 18, 2022
- nmap-CVE-2022-21907 (Repository containing nse script for vulnerability CVE-2022-21907. It is a component (IIS) vulnerability on Windows. It allows remote code execution. The vulnerability affects the kernel module http. sys, which handles most basic IIS [Github]
April 15, 2022
- Microsoft HTTP Protocol Stack Denial Of Service [Packet Storm]
April 8, 2022
- CVE-2022-21907 (A REAL DoS exploit for CVE-2022-21907) [Github]
February 13, 2022
- CVE-2022-21907 (HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907) [Github]
January 30, 2022
- CVE_2022_21907-poc () [Github]
January 25, 2022
- CVE-2022-21907-Vulnerability-PoC (CVE-2022-21907 Vulnerability PoC) [Github]
- CVE_2022_21907-poc () [Github]
January 19, 2022
- CVE-2022-21907-http.sys (Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers) [Github]
January 17, 2022
- CVE-2022-21907 (HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907) [Github]

Impact: Code execution

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system
Microsoft IIS
Server applications / Web servers

Vendor: Microsoft