Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows XP privilege escalation
Published:22.07.2014
Source:
SecurityVulns ID:13881
Type:local
Threat Level:
5/10
Description:BthPan.sys and MQAC.sys privilege escalation.
Affected:MICROSOFT : Windows XP
CVE:CVE-2014-4971 (Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.)
Original documentdocumentdisclosures_(at)_korelogic.com, KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation (22.07.2014)
 documentdisclosures_(at)_korelogic.com, KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation (22.07.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod