// For flags

CVE-2014-4971

Microsoft Windows XP SP3 - 'BthPan.sys' Arbitrary Write Privilege Escalation

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

12
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.

Microsoft Windows XP SP3 no valida direcciones en ciertas rutinas del manejador IRP, lo que permite a usuarios locales escribir datos en localizaciones de memoria arbitrarias, y como consecuencia ganar privilegios, a través de una dirección manipulada en una llamada IOCTL, relacionado con (1) el controlador MQAC.sys en el subsistema MQ Access Control y (2) el controlador BthPan.sys en el subsistema Bluetooth Personal Area Networking.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-07-15 CVE Reserved
  • 2014-07-19 First Exploit
  • 2014-07-21 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (21)
URL Tag Source
http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html X_refsource_misc
http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html X_refsource_misc
http://www.osvdb.org/109387 Broken Link
http://www.securityfocus.com/archive/1/532843/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/532844/100/0/threaded Mailing List
http://www.securityfocus.com/bid/68764 Vdb Entry
http://www.securitytracker.com/id/1031025 Third Party Advisory
URL Date SRC
https://www.exploit-db.com/exploits/34131 2014-07-21
https://www.exploit-db.com/exploits/34112 2014-07-19
https://www.exploit-db.com/exploits/34982 2014-10-15
https://www.exploit-db.com/exploits/34167 2014-07-25
http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html 2024-08-06
http://seclists.org/fulldisclosure/2014/Jul/96 2024-08-06
http://seclists.org/fulldisclosure/2014/Jul/97 2024-08-06
http://www.exploit-db.com/exploits/34112 2024-08-06
http://www.exploit-db.com/exploits/34131 2024-08-06
http://www.exploit-db.com/exploits/34982 2024-08-06
https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt 2024-08-06
https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt 2024-08-06
URL Date SRC
URL Date SRC
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx 2018-10-12
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-062 2018-10-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp3
Affected