Local Privilege Escalation in Microsoft Windows XP SP3 via MQAC.sys and BthPan.sys Drivers
CVE-2014-4971

Currently unrated

Key Information:

Vendor

Microsoft
Status
Windows Xp
Vendor
CVE Published:
26 July 2014

What is CVE-2014-4971?

Microsoft Windows XP SP3 contains a security flaw that fails to validate addresses in specific IRP handler routines. This oversight allows local users to exploit crafted addresses in IOCTL calls, leading to arbitrary data writes in memory. The vulnerabilities are linked to the MQAC.sys driver within the Message Queuing Access Control subsystem and the BthPan.sys driver associated with Bluetooth Personal Area Networking. Attackers could leverage this weakness to escalate their privileges on the system, thus potentially compromising data integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securitytracker.com/id/1031025
vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securityfocus.com/bid/68764
vdb-entryx_refsource_BID

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.