Published: 26/07/2014 Updated: 12/10/2018

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 740

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows xp

A vulnerability within the MQAC module allows an attacker to inject memory they control into an arbitrary location they define This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile Microsoft MQ Access Control version 5101110 on XP SP3 is affected ...

A vulnerability within the BthPan module allows an attacker to inject memory they control into an arbitrary location they define This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile Microsoft Bluetooth Personal Area Networking version 5126005512 on XP SP3 is ...

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' require 'msf/core/exploit/local/windows_kernel' require 'rex' class Metasploit3 < Msf::Exploit::Local Rank = AverageRanking include Msf::Exploit::Local::WindowsKernel include Msf::Pos ...

Title: Microsoft XP SP3 MQACsys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-003 Publication Date: 20140718 Publication URL: wwwkorelogiccom/Resources/Advisories/KL-001-2014-003txt 1 Vulnerability Details Affected Vendor: Microsoft Affected Product: MQ Access Control Affected Versions: 5101110 ...

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Local Rank = AverageRanking include Msf::Post::Windows::Priv include Msf::Post::Windows::Process def initialize(info={}) super(u ...

""" Title: Microsoft XP SP3 BthPansys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-002 Publication Date: 2014-07-18 Publication URL: wwwkorelogiccom/Resources/Advisories/KL-001-2014-002txt 1 Vulnerability Details Affected Vendor: Microsoft Affected Product: Bluetooth Personal Area Networking Affected ...

CWE-20 http://seclists.org/fulldisclosure/2014/Jul/97 https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt http://seclists.org/fulldisclosure/2014/Jul/96 http://www.osvdb.org/109387 http://www.exploit-db.com/exploits/34112 http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html http://secunia.com/advisories/60974 http://www.securitytracker.com/id/1031025 http://www.exploit-db.com/exploits/34982 http://www.securityfocus.com/bid/68764 http://www.exploit-db.com/exploits/34131 http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html http://www.securityfocus.com/archive/1/532844/100/0/threaded http://www.securityfocus.com/archive/1/532843/100/0/threaded https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-062 https://nvd.nist.gov https://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html https://www.exploit-db.com/exploits/34982/

CVE-2014-4971

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect