Back to search
CVE-2014-4971
Published: Jul 26, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1031025
vdb-entry
x_refsource_SECTRACK
MS14-062
vendor-advisory
x_refsource_MS
68764
vdb-entry
x_refsource_BID
20140718 KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
mailing-list
x_refsource_BUGTRAQ
34112
exploit
x_refsource_EXPLOIT-DB
34131
exploit
x_refsource_EXPLOIT-DB
34982
exploit
x_refsource_EXPLOIT-DB
20140718 KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
mailing-list
x_refsource_FULLDISC
20140718 KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
mailing-list
x_refsource_BUGTRAQ
109387
vdb-entry
x_refsource_OSVDB
60974
third-party-advisory
x_refsource_SECUNIA
20140718 KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now