CVE-2013-3661 – Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase
https://notcve.org/view.php?id=CVE-2013-3661
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain. La función EPATHOBJ::bFlatten en win32k.sys en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, y Windows RT, no comprueba si lista vinculada accede continuamente al mismo miembro de la lista, lo que permite a usuarios locales provocar una denegación de servicio (recorrido infinito) a través de vectores que provocan una cadena PATHRECORD manipulada. • https://www.exploit-db.com/exploits/25611 https://www.exploit-db.com/exploits/26554 https://www.exploit-db.com/exploits/25912 http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html http://secunia.com/advisories/53435 http://twitter.com/taviso/statuses/335557286657400832 http://www.computerworld.com/s/article/9239477 http://www.exploit-db.com/exploits/25611 http://www.osvdb.org/93539 http:/& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-1334
https://notcve.org/view.php?id=CVE-2013-1334
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability." win32k.sys en los controladores kernel-mode de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012 y Windows RT no maneja adecuadamente los objetos en la memoria, lo que permite a usuarios locales conseguir privilegios a través de una aplicación hecha a mano, también conocido como "Win32k Window Handle vulnerabilidad." • http://secunia.com/advisories/53385 http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-046 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16091 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1347 – Microsoft Internet Explorer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1347
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. Microsoft Internet Explorer 8 no maneja adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección cuando acceden al objeto que (1)no se ha asignado adecuadamente o (2) se ha eliminado, como han sido explotadas a lo largo de mayo. This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. • https://www.exploit-db.com/exploits/25294 http://technet.microsoft.com/security/advisory/2847140 http://www.exploit-db.com/exploits/25294 http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-1283
https://notcve.org/view.php?id=CVE-2013-1283
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability." Condición de carrera en win32k.sys en los controladores en modo kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2, R2, R2 SP1 y, Windows 7 y GoldSP1, Windows 8, Windows server 2012 y de Windows RT permite a usuarios locales obtener privilegios a través de una aplicación diseñada que aprovecha el manejo inadecuado de los objetos en la memoria, también conocido como "Win32k Race Condition Vulnerability". • http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16563 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-1291
https://notcve.org/view.php?id=CVE-2013-1291
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability." win32k.sys en el kernel-mode driver para Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold y SP1, y Windows 8 permite a usuarios locales causar una denegación de servicios (reinicio) a través de la fuente OpenType manipulada, también conocida como "OpenType Font Parsing Vulnerability" o "Win32k Font Parsing Vulnerability." • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16504 • CWE-20: Improper Input Validation •