CVE-2013-3661

CVSS V2 Medium 4.9 CVSS V3 None
Description
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
Overview
  • CVE ID
  • CVE-2013-3661
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2013-05-24T20:55:01
  • Last Modified Date
  • 2019-02-26T14:04:02
Weakness Enumerations
CWE URL
CWE-22 http://cwe.mitre.org/data/definitions/22.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:N/I:N/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 4.9
  • Severity
  • MEDIUM
  • Exploitability Score
  • 3.9
  • Impact Score
  • 6.9
References
Reference URL Reference Tags
http://secunia.com/advisories/53435 Vendor Advisory
http://www.computerworld.com/s/article/9239477
http://twitter.com/taviso/statuses/335557286657400832
http://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw
http://www.exploit-db.com/exploits/25611/
http://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability/
http://www.osvdb.org/93539
http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2013-3661
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3661
History
Created Old Value New Value Data Type Notes
2022-05-10 07:57:44 Added to TrackCVE
2022-12-01 18:38:12 2013-05-24T20:55Z 2013-05-24T20:55:01 CVE Published Date updated
2022-12-01 18:38:12 2019-02-26T14:04:02 CVE Modified Date updated
2022-12-01 18:38:12 Modified Vulnerability Status updated