Microsoft Windows Kernel Win32k.sys PATHRECORD chain Multiple Vulnerabilities

Medium Nessus Plugin ID 66878


The remote host is affected by multiple vulnerabilities.


The Microsoft Windows host has a flaw in Win32k.sys which can be exploited by local users to gain elevated privileges or trigger a denial of service condition. The issue is due to a flaw in how linked list pointers are handled in PATHREC objects.


There is currently no known solution for this vulnerability.

See Also

Plugin Details

Severity: Medium

ID: 66878

File Name: smb_nt_cve-2013-3660.nasl

Version: $Revision: 1.10 $

Type: local

Agent: windows

Family: Windows

Published: 2013/06/12

Modified: 2013/09/28

Dependencies: 13855

Risk Information

Risk Factor: Medium


Base Score: 6.9

Temporal Score: 6.6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2013/05/17

Exploitable With

Core Impact

Metasploit (Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation)

Reference Information

CVE: CVE-2013-3660, CVE-2013-3661

BID: 60051

OSVDB: 93539

EDB-ID: 25611, 25912