Design/Logic Flaw

2013-05-2420:55:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

JSON

The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.

CPENameOperatorVersion
windows_7eq sp1x86
windows_7eq sp1x64
windows_8eq- x86
windows_8eq- x64
windows_server_2008eq- sp2
windows_server_2008eqr2 sp1
windows_vistaeq- sp2
windows_xpeq sp2x64

Name	Operator	Version
windows_7	eq	sp1x86
windows_7	eq	sp1x64
windows_8	eq	- x86
windows_8	eq	- x64
windows_server_2008	eq	- sp2
windows_server_2008	eq	r2 sp1
windows_vista	eq	- sp2
windows_xp	eq	sp2x64