CVE-2013-3661
Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
La función EPATHOBJ::bFlatten en win32k.sys en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, y Windows RT, no comprueba si lista vinculada accede continuamente al mismo miembro de la lista, lo que permite a usuarios locales provocar una denegación de servicio (recorrido infinito) a través de vectores que provocan una cadena PATHRECORD manipulada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-05-21 First Exploit
- 2013-05-24 CVE Reserved
- 2013-05-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html | Mailing List | |
| http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html | Mailing List | |
| http://twitter.com/taviso/statuses/335557286657400832 | X_refsource_misc | |
| http://www.computerworld.com/s/article/9239477 | X_refsource_misc | |
| http://www.osvdb.org/93539 | Vdb Entry | |
| http://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability | X_refsource_misc | |
| http://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/25611 | 2013-05-21 | |
| https://www.exploit-db.com/exploits/26554 | 2013-07-02 | |
| https://www.exploit-db.com/exploits/25912 | 2013-06-03 | |
| http://www.exploit-db.com/exploits/25611 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/53435 | 2019-02-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | sp1, x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | sp1, x86 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 8 Search vendor "Microsoft" for product "Windows 8" | - | x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 8 Search vendor "Microsoft" for product "Windows 8" | - | x86 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Rt Search vendor "Microsoft" for product "Windows Rt" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | - | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp2, x64 |
Affected
| ||||||