Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2013-3660
HistoryMay 24, 2013 - 8:55 p.m.

CVE-2013-3660

2013-05-2420:55:01
CWE-119
[email protected]
web.nvd.nist.gov
6

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

0.829

Percentile

98.5%

JSON

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka “Win32k Read AV Vulnerability.”

Affected configurations

Nvd
Node
microsoftwindows_7Match-sp1
OR
microsoftwindows_8Match-
OR
microsoftwindows_rtMatch-
OR
microsoftwindows_server_2003Match-sp2
OR
microsoftwindows_server_2008Match-sp2
OR
microsoftwindows_server_2008Matchr2sp1x64
OR
microsoftwindows_server_2012Match-
OR
microsoftwindows_vistaMatch-sp2
OR
microsoftwindows_xpMatch-sp2professionalx64
OR
microsoftwindows_xpMatch-sp3
VendorProductVersionCPE
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
microsoftwindows_8-cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
microsoftwindows_rt-cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
microsoftwindows_server_2003-cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
microsoftwindows_server_2008r2cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
microsoftwindows_server_2012-cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
microsoftwindows_vista-cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Related

prion 2
cvelist 1
zdt 1
attackerkb 1
metasploit 1
msrc 1
cisa_kev 1
thn 3
seebug 1
packetstorm 1
cve 2
threatpost 2
nessus 2
exploitdb 3
nvd 1
ibm 1
openvas 2
securityvulns 1
prion
prion
Design/Logic Flaw
2013-05-24 20:55:00
Design/Logic Flaw
2013-05-30 14:55:00
cvelist
cvelist
CVE-2013-3660
2013-05-24 20:00:00
zdt
zdt
Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
2013-07-02 00:00:00
attackerkb
attackerkb
CVE-2013-3660
2013-05-24 00:00:00
metasploit
metasploit
Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
2013-09-12 19:36:01
msrc
msrc
Advance Notification Service for July 2013 Security Bulletin Release
2013-07-04 07:00:00
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2022-03-28 00:00:00
thn
thn
Microsoft to patch Six critical Remote Code Execution vulnerabilities this Tuesday
2013-07-07 19:41:00
Microsoft to patch Six critical Remote Code Execution vulnerabilities this Tuesday
2013-07-07 08:41:00
Beware! Cyber Criminals Spreading Click Fraud Trojan for Making Money
2014-05-11 04:42:00
seebug
seebug
Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
2014-07-01 00:00:00
packetstorm
packetstorm
Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
2013-07-01 00:00:00
cve
cve
CVE-2013-3660
2013-05-24 20:55:01
CVE-2013-3130
2013-05-30 14:55:01
threatpost
threatpost
July 2013 Microsoft Patch Tuesday Security Updates
2013-07-08 09:45:16
TrueType Font Flaws in July 2013 Microsoft Patch Tuesday
2013-07-09 16:03:22
nessus
nessus
Microsoft Windows Kernel Win32k.sys PATHRECORD chain Multiple Vulnerabilities
2013-06-12 00:00:00
MS13-053: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (2850851)
2013-07-10 00:00:00
exploitdb
exploitdb
Microsoft Windows - 'EPATHOBJ::pprFlattenRec' Local Privilege Escalation (Metasploit)
2013-07-02 00:00:00
Microsoft Windows NT/2000/2003/2008/XP/Vista/7/8 - 'EPATHOBJ' Local Ring
2013-06-03 00:00:00
Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase
2013-05-21 00:00:00
nvd
nvd
CVE-2013-3130
2013-05-30 14:55:01
ibm
ibm
Security Bulletin: Libxml2 vulnerabilities in Network Intrusion Prevention System (CVE-2014-0191, CVE-2013-2877, CVE-2014-3660, CVE-2013-5211)
2022-02-23 19:48:26
openvas
openvas
Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2850851)
2013-07-10 00:00:00
MS Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2850851)
2013-07-10 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2013-07-29 00:00:00

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

0.829

Percentile

98.5%

JSON
Related for NVD:CVE-2013-3660
prion2cvelist1zdt1attackerkb1metasploit1msrc1cisa_kev1thn3seebug1packetstorm1cve2threatpost2nessus2exploitdb3nvd1ibm1openvas2securityvulns1