Back to KEVs

CVE-2013-3660

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows...

Basic Information

CVE State: PUBLISHED
Reserved Date: May 24, 2013
Published Date: May 24, 2013
Last Updated: February 07, 2025
Vendor: n/a
Product: n/a
Description: The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-03-28 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2022-01-29 02:14:26 UTC) Source

References

http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html http://www.exploit-db.com/exploits/25611/ http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0090.html http://secunia.com/advisories/53435 http://www.osvdb.org/93539 http://twitter.com/taviso/statuses/309157606247768064 http://www.computerworld.com/s/article/9239477 http://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17360 http://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability/ http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053 http://twitter.com/taviso/statuses/335557286657400832

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-28 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ppr_flatten_rec.rb	2025-04-29 11:01:41 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

ppr_flatten_rec

Type: metasploit • Created: Unknown

Metasploit module for CVE-2013-3660

ExploitCN/CVE-2013-3660-x64-WIN7

Type: github • Created: 2022-01-29 02:14:26 UTC • Stars: 4

CVE-2013-3660的x64 win7平台EXP源代码，成功率100%。