Vulnerability CVE-2014-4971


Published: 2014-07-26

Description:
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.

In practical terms: each driver's IOCTL dispatch takes a caller-supplied pointer as the destination of a kernel-mode write without probing it, so any local user who can open the device can direct that write at a kernel address of their choosing. Windows XP reached end of support in April 2014 and received no fix; the MS14-062 bulletin in the references covers the Message Queuing component on still-supported platforms.
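The bug class described above, as an added example that is not code from the advisories or from the affected drivers: a user-mode model of a METHOD_NEITHER IOCTL handler that writes through `Irp->UserBuffer`, shown in its vulnerable form (length checked, pointer trusted) beside a hardened form that validates the pointer the way `ProbeForWrite` does. The fake page layout, the `USER_BASE`/`KERNEL_BASE` constants, the request structure and the status values are assumptions made so the model runs outside the kernel; `MM_USER_PROBE_ADDRESS` matches the 32-bit user/kernel split the check is modelled on.

```c
/* Constructed model of the CVE-2014-4971 bug class (not Windows driver code):
 * a METHOD_NEITHER IOCTL handler that writes its result through a caller-
 * supplied pointer. Page layout, addresses and status codes are assumptions
 * made only so the model can run in user mode. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

typedef uint32_t NTSTATUS;
#define STATUS_SUCCESS               0x00000000u
#define STATUS_ACCESS_VIOLATION      0xC0000005u
#define STATUS_DATATYPE_MISALIGNMENT 0x80000002u
#define STATUS_INVALID_PARAMETER     0xC000000Du

/* 32-bit XP: user space ends below MmUserProbeAddress (0x7FFF0000). */
#define MM_USER_PROBE_ADDRESS 0x7FFF0000u

/* Fake address space: one user page and one kernel page (assumed layout). */
#define PAGE_SIZE   0x1000u
#define USER_BASE   0x00400000u
#define KERNEL_BASE 0x80500000u   /* stands in for a writable kernel data page */
static uint8_t user_page[PAGE_SIZE];
static uint8_t kernel_page[PAGE_SIZE];

/* Resolve a virtual address in the model; NULL means "unmapped". */
static uint8_t *translate(uint32_t va) {
    if (va >= USER_BASE   && va < USER_BASE   + PAGE_SIZE) return user_page   + (va - USER_BASE);
    if (va >= KERNEL_BASE && va < KERNEL_BASE + PAGE_SIZE) return kernel_page + (va - KERNEL_BASE);
    return NULL;
}

/* Read back a 32-bit word from the model so callers can see what was written. */
uint32_t read32(uint32_t va) {
    uint32_t v = 0;
    uint8_t *p = translate(va);
    if (p) memcpy(&v, p, sizeof v);
    return v;
}

/* What the I/O manager hands a METHOD_NEITHER handler: a raw user pointer. */
typedef struct {
    uint32_t user_buffer;    /* Irp->UserBuffer, entirely attacker-controlled */
    uint32_t output_length;  /* Parameters.DeviceIoControl.OutputBufferLength */
} ioctl_request_t;

/* Vulnerable pattern: the length is checked, the pointer is not. A kernel
 * address in user_buffer makes the driver write `value` there. */
NTSTATUS vulnerable_ioctl(const ioctl_request_t *req, uint32_t value) {
    if (req->output_length < sizeof value) return STATUS_INVALID_PARAMETER;
    uint8_t *dst = translate(req->user_buffer);
    if (!dst) return STATUS_ACCESS_VIOLATION;   /* unmapped page: a bugcheck on real hardware */
    memcpy(dst, &value, sizeof value);
    return STATUS_SUCCESS;
}

/* Model of ProbeForWrite(Address, Length, Alignment): rejects misaligned
 * pointers and any range that is not entirely below MmUserProbeAddress,
 * including ranges that straddle it or wrap around the address space. */
NTSTATUS probe_for_write(uint32_t addr, uint32_t len, uint32_t align) {
    if (len == 0) return STATUS_SUCCESS;
    if (addr & (align - 1)) return STATUS_DATATYPE_MISALIGNMENT;
    if (addr >= MM_USER_PROBE_ADDRESS || len > MM_USER_PROBE_ADDRESS - addr)
        return STATUS_ACCESS_VIOLATION;
    return STATUS_SUCCESS;
}

/* Hardened pattern: probe the whole output range before touching it. In a
 * real driver the probe and the write sit inside __try/__except so a page
 * that is unmapped at write time is caught as well. */
NTSTATUS hardened_ioctl(const ioctl_request_t *req, uint32_t value) {
    if (req->output_length < sizeof value) return STATUS_INVALID_PARAMETER;
    NTSTATUS st = probe_for_write(req->user_buffer, req->output_length, sizeof value);
    if (st != STATUS_SUCCESS) return st;
    uint8_t *dst = translate(req->user_buffer);
    if (!dst) return STATUS_ACCESS_VIOLATION;
    memcpy(dst, &value, sizeof value);
    return STATUS_SUCCESS;
}

int main(void) {
    ioctl_request_t legit   = { USER_BASE,   sizeof(uint32_t) };
    ioctl_request_t crafted = { KERNEL_BASE, sizeof(uint32_t) };  /* the "crafted address" */

    vulnerable_ioctl(&crafted, 0x41414141u);
    printf("vulnerable: kernel word now 0x%08x\n", read32(KERNEL_BASE));

    NTSTATUS st = hardened_ioctl(&crafted, 0x43434343u);
    printf("hardened:   status 0x%08x, kernel word still 0x%08x\n", st, read32(KERNEL_BASE));
    hardened_ioctl(&legit, 0x42424242u);
    printf("hardened:   user word 0x%08x\n", read32(USER_BASE));
    return 0;
}
```

The probe is done on the full `output_length`, not just on the first word, so a range that starts in user space but runs past `MmUserProbeAddress` is rejected too; checking only the start address is the other common way this class of bug survives a half-hearted fix.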

See advisories in our WLB2 database:

Risk  Topic                                                              Author               Date
Med.  Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation   Matt Bergin of K...  22.07.2014
Med.  Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation     Matt Bergin of K...  22.07.2014
Med.  MQAC.sys Arbitrary Write Privilege Escalation                      Spencer              25.07.2014
Med.  Microsoft Bluetooth Personal Area Networking Privilege Escalation  Jay Smith            16.10.2014

Type: CWE-20 (Improper Input Validation)

Vendor: Microsoft
Product: Windows XP (SP3)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score:          7.2/10
Impact Subscore:          10/10
Exploitability Subscore:  3.9/10

Exploit range:          Local
Attack complexity:      Low
Authentication:         Not required
Confidentiality impact: Complete
Integrity impact:       Complete
Availability impact:    Complete

References:
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx
http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html
http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html
http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2014/Jul/96
http://seclists.org/fulldisclosure/2014/Jul/97
http://www.exploit-db.com/exploits/34112
http://www.exploit-db.com/exploits/34131
http://www.exploit-db.com/exploits/34982
http://www.securityfocus.com/archive/1/532843/100/0/threaded
http://www.securityfocus.com/archive/1/532844/100/0/threaded
http://www.securityfocus.com/bid/68764
http://www.securitytracker.com/id/1031025
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-062
https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt
https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt


Copyright 2018, cxsecurity.com
