CVE-2013-3660

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published: May 24, 2013
Updated: Dec 20, 2024
CWE ID: 119

Summary

CVE-2013-3660 is a vulnerability affecting multiple Microsoft Windows operating systems, including XP SP2 and SP3, Vista SP2, Windows Server 2003 SP2, Windows 7 SP1, Windows 8, and Windows Server 2012. The flaw is in the EPATHOBJ::pprFlattenRec function in win32k.sys, which fails to initialize the pointer to the next object in a certain list. This allows local users to manipulate the PATHRECORD chain; together with excessive consumption of paged memory and multiple FlattenPath function calls, it lets them gain privileges. The vulnerability, also known as the "Win32k Read AV Vulnerability," can therefore be used to elevate privileges on affected systems.



Affected Products

  • Microsoft Windows Server 2008
  • Microsoft Windows 7
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows Server 2012

Affected Vendors

  • Microsoft