HTTP.sys Denial of Service (MS15-034 /CVE-2015-1635) Range Header Integer Overflow. The vulnerability is due to crafted HTTP request by passing large value in Range header, IIS fails to validate the value properly leading to Denial of Service (Unresponsive or Blue Screen of Death) and possible Code Execution. To trigger the vulnerability request a resource which must be present on the IIS web server, I used sample files (img.jpg, index.html in this demo.) To understand the risk it is import…
