CVE-2013-3661
published 2013-05-24

Priority: P428
Severity: medium, 4.9 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 3.85% (88.8th percentile)

The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.

Affected

5 ranges
Vendor     Product                             Version range  Fixed in
jenkins    certain_pages_in_monitoring_plugin
jenkins    jenkins_core
jenkins    monitoring_plugin
jenkins    user_of_monitoring_plugin
microsoft  windows_server_2008