Multiple Microsoft Products Arbitrary Memory Write Privilege Escalation Vulnerabilities
BID:68764
Info
Multiple Microsoft Products Arbitrary Memory Write Privilege Escalation Vulnerabilities
| Bugtraq ID: | 68764 |
| Class: | Design Error |
| CVE: |
CVE-2014-4971 |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 18 2014 12:00AM |
| Updated: | Oct 21 2014 12:01AM |
| Credit: | Matt Bergin of KoreLogic Security. |
| Vulnerable: |
Microsoft Windows Server 2003 x64 SP2 Microsoft Windows Server 2003 Itanium SP2 Microsoft Windows Server 2003 SP2 Avaya Messaging Application Server 5.2 Avaya Communication Server 1000 Telephony Manager 4.0 Avaya Communication Server 1000 Telephony Manager 3.0 Avaya CallPilot 4.0 Avaya CallPilot 0 |
| Not Vulnerable: | |
Discussion
Multiple Microsoft Products Arbitrary Memory Write Privilege Escalation Vulnerabilities
Multiple Microsoft products are prone to multiple privilege-escalation vulnerabilities.
Successful exploits may allow an attacker to write arbitrary memory locations and gain elevated privileges. This may aid in further attacks.
Following products are affected:
Bluetooth Personal Area Networking
MQ Access Control
Multiple Microsoft products are prone to multiple privilege-escalation vulnerabilities.
Successful exploits may allow an attacker to write arbitrary memory locations and gain elevated privileges. This may aid in further attacks.
Following products are affected:
Bluetooth Personal Area Networking
MQ Access Control
Exploit / POC
Multiple Microsoft Products Arbitrary Memory Write Privilege Escalation Vulnerabilities
The researcher who discovered these issues has created proof-of-concepts. Please see the references for more information.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits are available:
The researcher who discovered these issues has created proof-of-concepts. Please see the references for more information.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits are available:
Solution / Fix
References
Multiple Microsoft Products Arbitrary Memory Write Privilege Escalation Vulnerabilities
References:
References: