CVE-2014-4971
43Vexday Risk Score
Corrija em breve. Ela tem exploit funcional público.
ssvc Attendepss 23%
da publicação à arma0 dias
Publicada no NVD26 de jul.
1ª PoC19 de jul.
metasploit18 de jul.
probabilidade de exploração
23%top 3% das CVEs
exploração observada
nãonenhuma fonte reporta
10 exploit(s) público(s)
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 10
cve_referencepacketstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.htmlnão verificadocve_referencepacketstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.htmlnão verificadocve_referencepacketstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.htmlnão verificadocve_referencewww.exploit-db.com/exploits/34112não verificadocve_referencewww.exploit-db.com/exploits/34131não verificadocve_referencewww.exploit-db.com/exploits/34982não verificadoexploitdbwww.exploit-db.com/exploits/34131não verificadoexploitdbwww.exploit-db.com/exploits/34112não verificadoexploitdbwww.exploit-db.com/exploits/34982não verificadoexploitdbwww.exploit-db.com/exploits/34167não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Referências
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspxhttp://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-062http://seclists.org/fulldisclosure/2014/Jul/96http://seclists.org/fulldisclosure/2014/Jul/97http://secunia.com/advisories/60974https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txthttps://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txthttp://www.exploit-db.com/exploits/34112http://www.exploit-db.com/exploits/34131