The 2013 Pwnie Nominee For Best Privilege Escalation Bug

win32k.sys EPATHOBJ::pprFlattenRec uninitialized pointer (CVE-2013-3660)

Credit: Tavis Ormandy

No privilege escalation nomination list would be complete without at least one entry from win32k.sys. This year Tavis provides a great example of a subtle bug that works on Windows XP through Windows 8.