Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-3661Path Traversal in Microsoft Windows Server 2008

CWE-22Path Traversal6 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
1.8%
top 17.35%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Microsoft Windows Server 2008Jenkins Certain Pages IN Monitoring PluginJenkins Core+2 more
Timeline
PublishedMay 24
Latest updateMay 14

Description

The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages5 packages

🔴Vulnerability Details

1
GHSA
GHSA-qx37-q6px-wm6q: The EPATHOBJ::bFlatten function in win32k2022-05-14

💥Exploits & PoCs

3
Exploit-DB
Microsoft Windows - 'EPATHOBJ::pprFlattenRec' Local Privilege Escalation (Metasploit)2013-07-02
Exploit-DB
Microsoft Windows NT/2000/2003/2008/XP/Vista/7/8 - 'EPATHOBJ' Local Ring2013-06-03
Exploit-DB
Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase2013-05-21