Vulnerability Details : CVE-2014-4971
Public exploit exists!
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
Vulnerability category: Input validation
Products affected by CVE-2014-4971
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4971
- EPSS score: 0.13% (probability of exploitation activity in the next 30 days)
- Percentile: ~49% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2014-4971
- MS14-062 Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation
  Disclosure Date: 2014-07-18
  First seen: 2020-04-26
  exploit/windows/local/bthpan
  A vulnerability within Microsoft Bluetooth Personal Area Networking module, BthPan.sys, can allow an attacker to inject memory controlled by the attacker into an arbitrary location. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute
- MQAC.sys Arbitrary Write Privilege Escalation
  Disclosure Date: 2014-07-22
  First seen: 2020-04-26
  exploit/windows/local/mqac_write
  A vulnerability within the MQAC.sys module allows an attacker to overwrite an arbitrary location in kernel memory. This module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process. Authors: - Matt Bergin - Spencer M
CVSS scores for CVE-2014-4971
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2014-4971
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4971
- http://www.exploit-db.com/exploits/34112
  Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation - Windows local Exploit [Exploit]
- http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html
  Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation ≈ Packet Storm
- http://www.exploit-db.com/exploits/34982
  Microsoft Bluetooth Personal Area Networking - 'BthPan.sys' Local Privilege Escalation (Metasploit) - Windows_x86 local Exploit [Exploit]
- https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt
  [Exploit]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-062
  Microsoft Security Bulletin MS14-062 - Important | Microsoft Docs
- http://www.securitytracker.com/id/1031025
  Microsoft Message Queuing Service Lets Local Users Gain Elevated Privileges - SecurityTracker [Third Party Advisory; VDB Entry]
- http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html
  Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation ≈ Packet Storm [Exploit; VDB Entry]
- http://www.securityfocus.com/bid/68764
  Multiple Microsoft Products Arbitrary Memory Write Privilege Escalation Vulnerabilities
- https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt
  [Exploit]
- http://seclists.org/fulldisclosure/2014/Jul/97
  Full Disclosure: KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation [Exploit]
- http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx
  Assessing Risk for the October 2014 Security Updates – Microsoft Security Response Center [Vendor Advisory]
- http://www.securityfocus.com/archive/1/532844/100/0/threaded
  SecurityFocus
- http://www.exploit-db.com/exploits/34131
  Microsoft Windows XP SP3 - 'BthPan.sys' Arbitrary Write Privilege Escalation - Windows local Exploit
- http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html
  Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation ≈ Packet Storm
- http://www.securityfocus.com/archive/1/532843/100/0/threaded
  SecurityFocus
- http://seclists.org/fulldisclosure/2014/Jul/96
  Full Disclosure: KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation [Exploit]