Local Privilege Escalation in Microsoft Windows XP SP3 via MQAC.sys and BthPan.sys Drivers
CVE-2014-4971

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp
Vendor: CVE Published:; 26 July 2014

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 18%

What is CVE-2014-4971?

Microsoft Windows XP SP3 contains a security flaw that fails to validate addresses in specific IRP handler routines. This oversight allows local users to exploit crafted addresses in IOCTL calls, leading to arbitrary data writes in memory. The vulnerabilities are linked to the MQAC.sys driver within the Message Queuing Access Control subsystem and the BthPan.sys driver associated with Bluetooth Personal Area Networking. Attackers could leverage this weakness to escalate their privileges on the system, thus potentially compromising data integrity and security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2014-4971 - Proof of Concept

References

http://www.securitytracker.com/id/1031025

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/68764

vdb-entryx_refsource_BID

EPSS Score

18% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 26, 2014
👾
Exploit known to exist
Jul 26, 2014
Vulnerability published
Jul 26, 2014
Vulnerability Reserved
Jul 15, 2014

CVE-2014-4971 Data

JSON