← back
CVE-2021-31166

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS 9.8 CRITICALEPSS 99.7%● KEVCWE-416
In short

A critical flaw in Windows' HTTP protocol stack allows attackers to execute arbitrary code remotely without authentication. This affects core Windows functionality used by many applications and services.

Technical detail

Use-after-free vulnerability (CWE-416) in the HTTP.sys kernel driver enables remote code execution via specially crafted HTTP requests; no authentication required, with direct kernel-level impact and system compromise.

Summary generated and translated by AI from the official description.
HTTP Protocol Stack Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Windows 10 Version 2004Microsoft · Windows 10 Version 20H2Microsoft · Windows Server version 2004Microsoft · Windows Server version 20H2
public PoCs found11
githubgithub.com/0vercl0k/CVE-2021-31166827githubgithub.com/ZZ-SOCMAP/CVE-2021-3116619githubgithub.com/corelight/CVE-2021-3116612githubgithub.com/zha0gongz1/CVE-2021-311668githubgithub.com/0xmaximus/Home-Demolisher8githubgithub.com/y0g3sh-99/CVE-2021-31166-Exploit7githubgithub.com/zecopro/CVE-2021-311665githubgithub.com/mvlnetdev/CVE-2021-31166-detection-rules3githubgithub.com/iranzai/CVE-2021-31166-exploit2githubgithub.com/bgsilvait/WIn-CVE-2021-311660cve_referencepacketstormsecurity.com/files/162722/Microsoft-HTTP-Protocol-Stack-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/162722/Microsoft-HTTP-Protocol-Stack-Remote-Code-Execution.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31166https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31166