nessus | This script is Copyright (C) 2013 Tenable Network Security, Inc. | SMB_NT_CVE-2013-3660.NASL
HistoryJun 12, 2013 - 12:00 a.m.

Microsoft Windows Kernel Win32k.sys PATHRECORD chain Multiple Vulnerabilities

2013-06-12 00:00:00
This script is Copyright (C) 2013 Tenable Network Security, Inc.
www.tenable.com
56

0.001 Low

EPSS

Percentile

26.2%

The Microsoft Windows host has a flaw in Win32k.sys that local users can exploit to gain elevated privileges or trigger a denial-of-service condition. The issue is due to a flaw in how linked-list pointers are handled in PATHREC objects.

#%NASL_MIN_LEVEL 999999

#
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2013/07/10. Deprecated by smb_nt_ms13-053.nasl.

include("compat.inc");

# Plugin registration block. When the script is evaluated with `description`
# set, it only records the metadata below and exits (see the exit(0) at the end
# of the block) without running any check against a host.
if (description)
{
  script_id(66878);
  script_version("1.12");
  script_cvs_date("Date: 2018/07/27 18:38:15");

  # Tracking identifiers: the two CVEs this plugin covers, the Bugtraq ID, and
  # two Exploit-DB cross-references.
  script_cve_id("CVE-2013-3660", "CVE-2013-3661");
  script_bugtraq_id(60051);
  script_xref(name:"EDB-ID", value:"25611");
  script_xref(name:"EDB-ID", value:"25912");

  script_name(english:"Microsoft Windows Kernel Win32k.sys PATHRECORD chain Multiple Vulnerabilities");
  # The summary states the detection method: an operating system version check,
  # not a check of the installed win32k.sys or of an applied fix.
  script_summary(english:"Checks Operating System version");

  script_set_attribute(attribute:"synopsis", value:"The remote host is affected by multiple vulnerabilities.");
  script_set_attribute(
    attribute:"description",
    value:
"The Microsoft Windows host has a flaw in Win32k.sys which can be
exploited by local users to gain elevated privileges or trigger a denial
of service condition.  The issue is due to a flaw in how linked list
pointers are handled in PATHREC objects."
  );
  script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2013/May/91");
  script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2013/Jun/5");
  # NOTE(review): the solution text and the RL:U temporal metric below describe
  # the state when the plugin was published. The file header marks the plugin as
  # disabled on 2013/07/10 and deprecated by smb_nt_ms13-053.nasl, so remediation
  # guidance should be taken from that plugin rather than from this text.
  script_set_attribute(attribute:"solution", value:"There is currently no known solution for this vulnerability.");
  # CVSS v2 base vector: local access (AV:L), medium access complexity (AC:M),
  # no authentication (Au:N), complete confidentiality, integrity and
  # availability impact (C:C/I:C/A:C).
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  # CVSS v2 temporal vector: exploitability high (E:H), remediation level
  # unavailable (RL:U), report confidence confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:C");
  # Exploit availability flags; relevant when prioritizing hosts that allow
  # local logons by untrusted users.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/12");
  # "local" plugin type: the finding is derived from data collected on the host
  # (see the KB lookups in the check body), not from a remote probe of the flaw.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # The CPE names Windows as a whole, with no version component.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  # Declares smb_hotfixes.nasl as a dependency; presumably it populates the
  # SMB/* KB items the check body reads -- confirm against that plugin.
  script_dependencies("smb_hotfixes.nasl");
  # SMB ports (NetBIOS session service 139 and direct SMB 445).
  script_require_ports(139, 445);

  # Registration is complete; stop before the check logic.
  exit(0);
}

# Deprecated: exit unconditionally so that nothing below this line runs.
# The check that follows looks only at the OS version and service pack level,
# so it cannot distinguish a host that has received the fix from one that has
# not; smb_nt_ms13-053.nasl (plugin #67210) is the plugin to rely on instead.
exit(0, "This plugin has been deprecated. Use smb_nt_ms13-053.nasl (plugin #67210) instead.");

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

# Original detection logic. It is unreachable in this deprecated plugin because
# the script exits unconditionally before reaching this point; it is kept as a
# record of how the finding used to be produced.

# The SMB transport port must be open, otherwise audit out.
port = kb_smb_transport();
if (!get_port_state(port))
{
  audit(AUDIT_PORT_CLOSED, port);
}

# Both KB items must be present; each call exits the plugin when its item is
# missing.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

# Version-only test: presumably a positive result means the host's OS and
# service pack fall inside the listed range -- confirm in smb_hotfixes.inc.
# No file version or installed update is examined here, so every host in the
# range is reported.
sp_check = hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'1', win8:'0');
if (sp_check <= 0)
{
  audit(AUDIT_OS_SP_NOT_VULN);
}

# Reported at warning severity against the SMB port.
security_warning(port);
Vendor | Product | Version | CPE
microsoft | windows | | cpe:/o:microsoft:windows