The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-05-24 13:55
Updated : 2019-02-26 06:04
NVD link : CVE-2013-3661
Mitre link : CVE-2013-3661
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
microsoft
- windows_7
- windows_vista
- windows_xp
- windows_server_2008
- windows_8
- windows_rt
- windows_server_2012
- windows_server_2003