Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-07-26T15:00:00
Updated: 2024-08-06T11:34:36.517Z
Reserved: 2014-07-15T00:00:00
Link: CVE-2014-4971
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-07-26T15:55:04.387
Modified: 2024-11-21T02:11:11.677
Link: CVE-2014-4971
Redhat
No data.