CVE-2014-4971

2014-07-26T11:55:04
ID CVE-2014-4971
Type cve
Reporter NVD
Modified 2018-10-12T18:07:28

Description

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.