CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 12CVE-2014-4971 – Microsoft Windows XP SP3 - 'BthPan.sys' Arbitrary Write Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4971
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem. Microsoft Windows XP SP3 no valida direcciones en ciertas rutinas del manejador IRP, lo que permite a usuarios locales escribir datos en localizaciones de memoria arbitrarias, y como consecuencia ganar privilegios, a través de una dirección manipulada en una llamada IOCTL, relacionado con (1) el controlador MQAC.sys en el subsistema MQ Access Control y (2) el controlador BthPan.sys en el subsistema Bluetooth Personal Area Networking. • https://www.exploit-db.com/exploits/34131 https://www.exploit-db.com/exploits/34112 https://www.exploit-db.com/exploits/34982 https://www.exploit-db.com/exploits/34167 http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html • CWE-20: Improper Input Validation •
CVSS: 3.6EPSS: 0%CPEs: 63EXPL: 2CVE-2014-2477 – Oracle VM VirtualBox Guest Additions 4.3.10r93012 - 'VBoxGuest.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-2477
A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. • https://www.exploit-db.com/exploits/34333 http://seclists.org/fulldisclosure/2014/Dec/23 http://www.exploit-db.com/exploits/34333 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68613 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://www.korelogic.com/Resources/Advisories/KL-001-2014-001.txt •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 3CVE-2014-1767 – Microsoft Windows AFD.SYS Dangling Pointer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-1767
Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." Vulnerabilidad de doble liberación en Ancillary Function Driver (AFD) en afd.sys en los controladores de modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2 y Windows RT Gold y 8.1 permite a usuarios locales ganar privilegios a través de una aplicación manipulada, también conocido como 'vulnerabilidad de elevación de privilegios de Ancillary Function Driver.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. • https://www.exploit-db.com/exploits/39446 https://www.exploit-db.com/exploits/39525 https://github.com/ExploitCN/CVE-2014-1767-EXP-PAPER http://secunia.com/advisories/59778 http://www.securityfocus.com/bid/68394 http://www.zerodayinitiative.com/advisories/ZDI-14-220 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-040 • CWE-415: Double Free •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 1CVE-2013-3697
https://notcve.org/view.php?id=CVE-2013-3697
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. Desbordamiento de enterio en el controlador para el kernel NWFS.SYS 4.91.5.8 en Novell Client 4.91 SP5 sobre Windows XP y Windows Server 2003 y el controlador del kernel NCPL.SYS en Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008 y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, podría permitir a usuarios locales obtener privilegios a través de una llamada 0x1439EB IOCTL manipulada. • http://pastebin.com/RcS2Bucg http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 5CVE-2013-3956 – Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-3956
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. El controlador del kernel NICM.SYS 3.1.11.0 en Novell Client 4.91 SP5 sobre Windows XP and Windows Server 2003; Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008; y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, permite a usuarios locales obtener privilegio a través de una llamada 0x143B6B IOCTL manipulada. • https://www.exploit-db.com/exploits/27191 https://www.exploit-db.com/exploits/26452 http://pastebin.com/GB4iiEwR http://www.exploit-db.com/exploits/26452 http://www.exploit-db.com/exploits/27191 http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-264: Permissions, Privileges, and Access Controls •