CVE-2014-4971

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp
Vendor: CVE Published:; 26 July 2014

Summary

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.

References

http://www.securitytracker.com/id/1031025

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/68764

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 26, 2014
Vulnerability Reserved
Jul 15, 2014

Collectors

NVD DatabaseMitre Database