CVE-2013-3660

HIGH KEV RANSOMWARE

Microsoft Windows 7 - Memory Corruption

Title source: rule

Description

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."

Exploits (5)

nomisec NO CODE 3 stars

by ExploitCN · poc

https://github.com/ExploitCN/CVE-2013-3660-x64-WIN7

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Tavis Ormandy · textdoswindows

https://www.exploit-db.com/exploits/25611

View Code ZIP pw:eip

exploitdb WORKING POC

clocalwindows

https://www.exploit-db.com/exploits/25912

View on exploitdb

exploitdb WORKING POC

rubylocalwindows

https://www.exploit-db.com/exploits/26554

View on exploitdb

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ppr_flatten_rec.rb

View Code ZIP pw:eip

References (15)

[Broken Link] http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0090.html

[Broken Link] http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html

[Broken Link] http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html

[Broken Link, Vendor Advisory] http://secunia.com/advisories/53435

[Exploit] http://twitter.com/taviso/statuses/309157606247768064

[Not Applicable] http://twitter.com/taviso/statuses/335557286657400832

[Broken Link] http://www.computerworld.com/s/article/9239477

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/25611/

[Broken Link] http://www.osvdb.org/93539

[Exploit, Issue Tracking] http://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability/

[Press/Media Coverage] http://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw

[Third Party Advisory, US Government Resource] http://www.us-cert.gov/ncas/alerts/TA13-190A

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17360

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3660

Scores

CVSS v3 7.8

EPSS 0.6917

EPSS Percentile 98.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-03-28

VulnCheck KEV 2015-01-06

InTheWild.io 2022-03-28

ENISA EUVD EUVD-2013-3593

Ransomware Use Confirmed

Classification

CWE

CWE-119

Status draft

Affected Products (10)

microsoft/windows_7

microsoft/windows_8

microsoft/windows_rt

microsoft/windows_server_2003

microsoft/windows_server_2008

microsoft/windows_server_2008

microsoft/windows_server_2012

microsoft/windows_vista

microsoft/windows_xp

microsoft/windows_xp

Timeline

Published May 24, 2013

KEV Added Mar 28, 2022

Tracked Since Feb 18, 2026