Microsoft Windows HTTP.sys Range Integer Overflow Memory Disclosure Exploit (MS15-034)

The code that handles the 'Range' HTTP header in the HTTP.sys driver in Microsoft Windows, which is used by Internet Information Services (IIS), is prone to an integer overflow vulnerability when processing a specially crafted HTTP request with a very long upper range. This integer overflow vulnerability can be leveraged to generate a memory disclosure condition, in which the HTTP.sys driver will return more data than it should from kernel memory, thus allowing remote unauthenticated attackers to obtain potentially sensitive information from the affected server.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2015-1635
Product Version: 
2014_R2
Released Date: 
Tuesday, May 19, 2015 - 00:00