CVE-2013-3130

This exploit targets a local privilege escalation vulnerability in Windows kernel-mode drivers (win32k.sys) via a use-after-free in the EPATHOBJ::pprFlattenRec function. It manipulates PATHRECORD objects to achieve arbitrary kernel memory corruption, leading to ring0 execution.

This exploit leverages a race condition in the Windows kernel's EPATHOBJ::bFlatten function to achieve arbitrary memory writes, leading to a local privilege escalation (LPE) to SYSTEM. The PoC demonstrates a watchdog thread patching a compromised linked list to trigger the exploit, causing a crash with a controlled value (0xCCCCCCCC).

This Metasploit module exploits a local privilege escalation vulnerability (CVE-2013-3660) in Windows due to uninitialized data usage in EPATHOBJ::pprFlattenRec, allowing memory corruption. It migrates to a new process, loads an exploit DLL, and escalates privileges to SYSTEM.