CVE-2013-3660
CVE-2013-3660
In short
A flaw in Windows graphics drivers allows a local user to gain administrative privileges by consuming excessive memory and making specially crafted graphics function calls, leading to uninitialized pointer access.
Technical detail
CVE-2013-3660 involves an uninitialized pointer in the EPATHOBJ::pprFlattenRec function within win32k.sys kernel-mode driver. Local attackers exploit this via repeated FlattenPath calls combined with paged memory exhaustion to achieve write access to the PATHRECORD chain, resulting in privilege escalation. The vulnerability affects Windows XP through Server 2012.
Summary generated and translated by AI from the official description.
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 5
githubgithub.com/ExploitCN/CVE-2013-3660-x64-WIN7★ 3cve_referencewww.exploit-db.com/exploits/25611/unverifiedexploitdbwww.exploit-db.com/exploits/25611unverifiedexploitdbwww.exploit-db.com/exploits/26554unverifiedexploitdbwww.exploit-db.com/exploits/25912unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0090.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053http://secunia.com/advisories/53435https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17360https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3660http://twitter.com/taviso/statuses/309157606247768064http://twitter.com/taviso/statuses/335557286657400832http://www.computerworld.com/s/article/9239477http://www.exploit-db.com/exploits/25611/http://www.osvdb.org/93539