VYPR

Windows HTTP.sys

by Microsoft

CVEs (4)

  • CVE-2015-1635CriKEVApr 14, 2015
    risk 0.87cvss 9.8epss 1.00

    HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

  • CVE-2026-47291CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.22

    Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

  • CVE-2026-20929Jan 13, 2026
    risk 0.00cvss epss 0.01

    Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.

  • CVE-2022-41057Nov 9, 2022
    risk 0.00cvss epss 0.01

    Windows HTTP.sys Elevation of Privilege Vulnerability