CVE-2013-3660

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 and SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 and R2 SP1 Microsoft Windows 7 version SP1 Microsoft Windows 8 Microsoft Windows Server 2012

Description The issue arises from the improper initialization of a pointer for the next object in a certain list by the EPATHOBJ::pprFlattenRec function in win32k.sys. This allows local users to gain privileges by obtaining write access to the PATHRECORD chain, which can be achieved by triggering excessive consumption of paged memory and then making many FlattenPath function calls. Although a theoretical remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory, the remote attack vector is not likely, and an attacker would probably need to log on to the target system to exploit this issue and gain elevated privileges.

Recommendations For Microsoft Windows XP versions SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Windows Server 2003 version SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista version SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 versions SP2 and R2 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7 version SP1, update to a newer version to mitigate the risk. For Microsoft Windows 8, update to a newer version to mitigate the risk. For Microsoft Windows Server 2012, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the win32k.sys driver to minimize the risk of exploitation.