CVE-2013-3660 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2013-3660
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
References:
https://www.exploit-db.com/exploits/25611
https://www.exploit-db.com/exploits/26554
https://www.exploit-db.com/exploits/25912
https://github.com/ExploitCN/CVE-2013-3660-x64-WIN7
http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0090.html
http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html
http://secunia.com/advisories/53435
http://twitter.com/taviso/statuses/309157606247768064
http:/
Weakness: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3661 – Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase
https://notcve.org/view.php?id=CVE-2013-3661
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
References:
https://www.exploit-db.com/exploits/25611
https://www.exploit-db.com/exploits/26554
https://www.exploit-db.com/exploits/25912
http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html
http://secunia.com/advisories/53435
http://twitter.com/taviso/statuses/335557286657400832
http://www.computerworld.com/s/article/9239477
http://www.exploit-db.com/exploits/25611
http://www.osvdb.org/93539
http:/
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-0986 – Apple QuickTime enof Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0986
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a MOV file: the size field of the enof atom is not properly validated.
References:
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.apple.com/archives/security-announce/2013/May/msg00001.html
http://support.apple.com/kb/HT5770
http://support.apple.com/kb/HT5784
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16794
Weakness: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0988 – Apple QuickTime FlashPix Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0988
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlashPix files: while parsing a FlashPix file, a length is multiplied by four when allocating the buffer but by eight when copying data into it, so the copy can exceed the allocation.
References:
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.apple.com/archives/security-announce/2013/May/msg00001.html
http://support.apple.com/kb/HT5770
http://support.apple.com/kb/HT5784
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16637
Weakness: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0989 – Apple QuickTime MP3 Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0989
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CoreAudioToolbox component when processing an MP3 file: altering the channel_mode value from stereo to mono in the header of a stereo MPEG frame can result in a heap buffer overflow.
References:
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.apple.com/archives/security-announce/2013/May/msg00001.html
http://support.apple.com/kb/HT5770
http://support.apple.com/kb/HT5784
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16831
Weakness: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer