CVE-2014-4971

CVE Database · CVE-2014-4971

CVE-2014-4971

· N/AModified

CVSS v3.1

N/A

EPSS

23.05%

Published

Jul 26, 2014

Modified

May 6, 2026

Public PoC / Exploit (5)

All weaponized →

Exploit-DBMicrosoft Windows XP SP3 - 'BthPan.sys' Arbitrary Write Privilege Escalation Exploit-DBMicrosoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation Exploit-DBMicrosoft Bluetooth Personal Area Networking - 'BthPan.sys' Local Privilege Escalation (Metasploit)Exploit-DBMicrosoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.

Weaknesses (CWE)

CWE-20

Affected Products (1)

microsoft · windows_xpvulnerable

References (20)

http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx

Vendor Advisory

http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html

http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html

http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html

ExploitVDB Entry

http://seclists.org/fulldisclosure/2014/Jul/96

Exploit

http://seclists.org/fulldisclosure/2014/Jul/97

Exploit

http://secunia.com/advisories/60974

KEV Catalog EPSS Scores Vendors All CVEs