MS13-039: Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
Medium Nessus Plugin ID 66414
SynopsisThe remote Windows host is potentially affected by a vulnerability that could allow for a denial of service condition.
DescriptionThe version of Windows installed on the remote host is potentially affected by a denial of service vulnerability because the HTTP protocol stack (HTTP.sys) may improperly handle a malicious HTTP header, causing an infinite loop in the HTTP protocol. A remote, unauthenticated attacker could exploit this flaw by sending a specially crafted HTTP packet to the affected system, which could trigger the vulnerability.
SolutionMicrosoft has released a set of patches for Windows 8 and 2012.