CVE-2013-3660

Published: 24/05/2013
Updated: 26/02/2019
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 705
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."

Vulnerable Products

Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows Server 2008

Exploits

This Metasploit module exploits a vulnerability in EPATHOBJ::pprFlattenRec due to the usage of uninitialized data, which allows memory corruption. At the moment, the module has been tested successfully on Windows XP SP3, Windows 2003 SP1, and Windows 7 SP1 ...

#ifndef WIN32_NO_STATUS
# define WIN32_NO_STATUS
#endif
#include <stdio.h>
#include <stdarg.h>
#include <stddef.h>
#include <windows.h>
#include <assert.h>
#ifdef WIN32_NO_STATUS
# undef WIN32_NO_STATUS
#endif
#include <ntstatus.h>
#pragma comment(lib, "gdi32")
#pragma comment(lib, "kernel32")
#pragma comment(li ...

I'm quite proud of this list cycle trick, here's how to turn it into an arbitrary write. First, we create a watchdog thread that will patch the list atomically when we're ready. This is needed because we can't exploit the bug while HeavyAllocPool is failing, because of the early exit in pprFlattenRec:
.text:BFA122B8 call newpathre ...

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/windows/priv'
require 'm ...

Recent Articles

Carders cash out hundreds of millions before USA adopts EMV
The Register • Darren Pauli • 22 Apr 2016

Stolen card values on the way down ahead of chip card debut

A hacker group has stolen some 10 million credit cards, putting itself in a position to score US$400 million (£279 million, A$516 million) by infecting 2000 payment terminals with the Trinity point of sales malware. Security firm FireEye and subsidiaries iSIGHT Partners and Mandiant examined the "Fin6" group last year after it was found plundering millions of cards. The first two firms now say the cards stolen from hospitality and retail firms have earned the hacking group hundreds of millions...

Windows kernel bug-squish, IE update star in July Patch Tuesday
The Register • John Leyden • 10 Jul 2013

Plus: Dodgy app unpatched for 180 days? We'll kick it out of Marketplace

Microsoft's Patch Tuesday for July landed overnight with a bumper crop of seven bulletins, six of which cover critical flaws that carry remote code execution risks. And the Windows 8 giant today revealed that one of these, CVE-2013-3163, is currently under active attack online. Every supported operating system, every version of MS Office, Lync, Silverlight, Visual Studio and .NET will need patching - creating plenty of work for sysadmins worldwide. The patch batch grapples with a total of 34 vul...

Microsoft offloads heap of critical fixes in 'ugly' Patch Tuesday
The Register • John Leyden • 05 Jul 2013

Sysadmins, take a deep breath...

Microsoft is planning a high-impact edition of Patch Tuesday with seven bulletins this month - six of which cover critical flaws. The less-than-magnificent seven cover all supported versions of Windows and every version of MS Office, as well as updates for Lync, Silverlight, Visual Studio and .NET. Internet Explorer, from IE6 on Windows XP to IE10 on Windows 8, and also on Windows RT, needs patching because of a critical vulnerability. "This is one of the uglier releases we’ve seen from Micros...