Microsoft » Windows Server 2012 : Security Vulnerabilities, CVEs, Published In May 2013 (Denial of service)
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-05-24
Updated
2019-02-26
HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
Max CVSS
7.8
EPSS Score
95.22%
Published
2013-05-15
Updated
2018-10-12
2 vulnerabilities found