CVE-2014-4971

Published: Jul 26, 2014Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.

Affected (1)

Products: Microsoft: Windows Xp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Xp	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (36)

http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx

Source: cve@mitre.org

Vendor Advisory

http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html

Source: cve@mitre.org

ExploitVDB Entry

http://seclists.org/fulldisclosure/2014/Jul/96

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2014/Jul/97

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/60974

Source: cve@mitre.org

Permissions Required

http://www.exploit-db.com/exploits/34112

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/34131

Source: cve@mitre.org

http://www.exploit-db.com/exploits/34982

Source: cve@mitre.org

Exploit

http://www.osvdb.org/109387

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/archive/1/532843/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/532844/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/68764

Source: cve@mitre.org

http://www.securitytracker.com/id/1031025

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-062

Source: cve@mitre.org

https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt

Source: cve@mitre.org

Exploit

https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt

Source: cve@mitre.org

Exploit

http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVDB Entry

http://seclists.org/fulldisclosure/2014/Jul/96

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://seclists.org/fulldisclosure/2014/Jul/97

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/60974

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

http://www.exploit-db.com/exploits/34112

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.exploit-db.com/exploits/34131

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/34982

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.osvdb.org/109387

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/archive/1/532843/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/532844/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/68764

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031025

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-062

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.