CVE-2014-4971
Description
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
18.672
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Windows Server 2003 (KB2993254) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB2993254) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-16294 | Security Update for Windows Server 2003 (KB2993254) |
| PATCH-16295 | Security Update for Windows Server 2003 x64 Edition (KB2993254) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234