7.8

CVE-2013-3660

Warnung
Medienbericht
Exploit
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8 Version-
MicrosoftWindows Rt Version-
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
MicrosoftWindows Vista Version- Updatesp2
MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
MicrosoftWindows Xp Version- Updatesp3

28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Win32k Privilege Escalation Vulnerability

Schwachstelle

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 39.58% 0.984
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0090.html
Broken Link
http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html
Broken Link
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html
Broken Link
http://secunia.com/advisories/53435
Vendor Advisory
Broken Link
http://twitter.com/taviso/statuses/309157606247768064
Exploit
http://twitter.com/taviso/statuses/335557286657400832
Not Applicable
http://www.computerworld.com/s/article/9239477
Broken Link
http://www.exploit-db.com/exploits/25611/
Third Party Advisory
Exploit
VDB Entry
http://www.osvdb.org/93539
Broken Link
http://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability/
Exploit
Issue Tracking
http://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw
Press/Media Coverage
http://www.us-cert.gov/ncas/alerts/TA13-190A
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17360
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3660
US Government Resource