CVE - CVE-2013-3660

CVE-ID
CVE-2013-3660	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CERT:TA13-190A URL:http://www.us-cert.gov/ncas/alerts/TA13-190A EXPLOIT-DB:25611 URL:http://www.exploit-db.com/exploits/25611/ FULLDISC:20130517 Re: exploitation ideas under memory pressure URL:http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html FULLDISC:20130517 exploitation ideas under memory pressure URL:http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0090.html FULLDISC:20130603 Re: exploitation ideas under memory pressure URL:http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html MISC:http://twitter.com/taviso/statuses/309157606247768064 MISC:http://twitter.com/taviso/statuses/335557286657400832 MISC:http://www.computerworld.com/s/article/9239477 MISC:http://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability/ MISC:http://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw MS:MS13-053 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053 OSVDB:93539 URL:~~http://www.osvdb.org/93539~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:17360 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17360 SECUNIA:53435 URL:http://secunia.com/advisories/53435
Assigning CNA
MITRE Corporation
Date Record Created
20130524	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20130524)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)