Windows 10 2004
CVE-2021-31166
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
HTTP Protocol Stack Remote Code Execution Vulnerability
AnalysisAI
HTTP Protocol Stack Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Technical ContextAI
This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. Affected products include: Microsoft Windows 10 2004, Microsoft Windows 10 20H2, Microsoft Windows Server 2004, Microsoft Windows Server 20H2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.
More in Windows 10 2004
View allWin32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity
Windows Print Spooler Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no auth
A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated high severity (CVSS 7.8), this
Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is n
Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnera
Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity
Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity
Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnera
Windows Update Medic Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is
Windows Event Tracing Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low at
Windows User Profile Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is
Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack co
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today