Thursday, July 4, 2013


Microsoft Windows contains a vulnerability (CVE-2013-3660) that could allow an local hacker to get elevated privileges on a victim system. The vulnerability classified as critical/dangerous. It was found in Microsoft Windows XP/Vista/7/2000/Server 2003/2008.This affects the function win32k!EPATHOBJ::pprFlattenRec of the component Kernel.The vulnerability is due to improper handling of certain objects in kernel memory by the affected software.A local hacker with access to victim system could exploit this vulnerability by running a malicious code that is designed to cause the Windows kernel to perform improper memory operations on certain objects. If successful, the hacker could execute arbitrary code on the system with the privileges of the kernel, resulting in a complete system compromise.
Proof of concept code that exploits this vulnerability is available to public.


0 comments :

Post a Comment