Introduction - If you have any usage issues, please Google them yourself
Windows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ local ring0 exploit
There s a pretty obvious bug in win32k!EPATHOBJ::pprFlattenRec where the
// PATHREC object returned by win32k!EPATHOBJ::newpathrec doesn t initialise the
next list pointer. The bug is really nice, but exploitation when
allocations start failing is tricky.