CVE-2014-4971 Information

Description

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines which allows local users to write data to arbitrary memory locations and consequently gain privileges via a crafted address in an IOCTL call related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.

Reference

http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html http://seclists.org/fulldisclosure/2014/Jul/96 http://seclists.org/fulldisclosure/2014/Jul/97 http://secunia.com/advisories/60974 http://www.exploit-db.com/exploits/34112 http://www.exploit-db.com/exploits/34131 http://www.exploit-db.com/exploits/34982 http://www.osvdb.org/109387 http://www.securityfocus.com/archive/1/532843/100/0/threaded http://www.securityfocus.com/archive/1/532844/100/0/threaded http://www.securityfocus.com/bid/68764 http://www.securitytracker.com/id/1031025 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-062 https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt