CVE-2013-3661

Published: 24/05/2013 Updated: 26/02/2019
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.

Vulnerable Products

microsoft windows xp
microsoft windows 7
microsoft windows 8
microsoft windows vista
microsoft windows server 2008
microsoft windows rt
microsoft windows server 2003
microsoft windows server 2012
microsoft windows server 2008 r2

Exploits

#ifndef WIN32_NO_STATUS
# define WIN32_NO_STATUS
#endif
#include <stdio.h>
#include <stdarg.h>
#include <stddef.h>
#include <windows.h>
#include <assert.h>
#ifdef WIN32_NO_STATUS
# undef WIN32_NO_STATUS
#endif
#include <ntstatus.h>
#pragma comment(lib, "gdi32")
#pragma comment(lib, "kernel32")
#pragma comment(li ...
I'm quite proud of this list cycle trick, here's how to turn it into an arbitrary write. First, we create a watchdog thread that will patch the list atomically when we're ready. This is needed because we can't exploit the bug while HeavyAllocPool is failing, because of the early exit in pprFlattenRec:

.text:BFA122B8 call newpathre ...
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   metasploit.com/
##

require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/windows/priv'
require 'm ...