CVE-2021-31166

HTTP Protocol Stack Remote Code Execution Vulnerability

Basic Information

CVE State
PUBLISHED
Reserved Date
April 14, 2021
Published Date
May 11, 2021
Last Updated
February 07, 2025
Vendor
Microsoft
Product
Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2
Description
HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2022-04-06 00:00:00 UTC)
Proof of Concept Available
Yes (added 2021-05-17 19:55:41 UTC)

Known Exploited Vulnerability Information

Source
CISA
Added Date
2022-04-06 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

mauricelambert/CVE-2021-31166

Type: github • Created: 2022-03-07 18:56:52 UTC • Stars: 5

CVE-2021-31166: exploitation with Powershell, Python, Ruby, NMAP and Metasploit.

ZZ-SOCMAP/CVE-2021-31166

Type: github • Created: 2021-09-27 05:56:45 UTC • Stars: 19

Windows HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2021-31166

y0g3sh-99/CVE-2021-31166-Exploit

Type: github • Created: 2021-07-03 14:54:59 UTC • Stars: 7

Exploit for MS Http Protocol Stack RCE vulnerability (CVE-2021-31166)

zecopro/CVE-2021-31166

Type: github • Created: 2021-05-19 07:50:40 UTC • Stars: 5

simple bash script for exploit CVE-2021-31166

corelight/CVE-2021-31166

Type: github • Created: 2021-05-17 23:54:12 UTC • Stars: 13

HTTP Protocol Stack CVE-2021-31166

mvlnetdev/CVE-2021-31166-detection-rules

Type: github • Created: 2021-05-17 19:55:41 UTC • Stars: 3

Different rules to detect if CVE-2021-31166 is being exploited

zha0gongz1/CVE-2021-31166

Type: github • Created: 2021-05-17 11:12:45 UTC • Stars: 9

PoC for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. Although it was defined as remote command execution, it can only cause the system to crash.

0vercl0k/CVE-2021-31166

Type: github • Created: 2021-05-16 16:15:56 UTC • Stars: 823

Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.