Microsoft Windows Local Privilege Escalation (CVE-2013-3660)

Posted: 04/07/2013 in Geek Stuff, Hacking, In The News, Microsoft, Vulnerability
Tags: , , , , ,

tv crime2

Microsoft Windows contains vulnerability (CVE-2013-3660) that could allow an local attacker to gain elevated privileges on a targeted system. The vulnerability classified as critical has been found in Microsoft Windows XP/Vista/7/2000/Server 2003/2008. This affects the function win32k!EPATHOBJ::pprFlattenRec of the component Kernel. The vulnerability is due to improper handling of certain objects in kernel memory by the affected software. A local attacker with access to a targeted system could exploit this vulnerability by running a malicious program that is designed to cause the Windows kernel to perform improper memory operations on certain objects. If successful, the attacker could execute arbitrary code on the system with the privileges of the kernel, resulting in a complete system compromise. Proof of concept code that exploits this vulnerability is publicly available.

CVE: CVE-2013-3660
Remote: No
Local: Yes
Updated: Jul 02 2013 08:21AM
Credit: Tavis Ormandy
Vulnerable: Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home SP3
Microsoft Windows XP Home SP2
Microsoft Windows Vista SP2
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Server 2008 R2 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows 8 0
Microsoft Windows 7 Professional 0
Microsoft Windows 7 for 32-bit Systems SP1

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

http://cvedetails.com/cve/CVE-2013-3660

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s