CVE-2014-4971

This is a Metasploit module for CVE-2014-4971, a privilege escalation vulnerability in Microsoft Bluetooth Personal Area Networking (BthPan.sys). It exploits a memory corruption flaw to overwrite HalDispatchTable and execute arbitrary kernel code.

This Metasploit module exploits CVE-2014-4971, an arbitrary write vulnerability in MQAC.sys, to escalate privileges to SYSTEM on Windows XP SP3. It uses token stealing to achieve privilege escalation.

This exploit leverages a write-what-where vulnerability in BthPan.sys on Windows XP SP3 via an unvalidated OutputBuffer in DeviceIoControlFile calls. It allows arbitrary memory writes to escalate privileges by overwriting HalDispatchTable+0x4 and executing shellcode via NtQueryIntervalProfile.

The exploit demonstrates a write-what-where vulnerability in MQAC.sys on Windows XP SP3, allowing arbitrary memory writes via a crafted DeviceIoControlFile call. It includes a Python PoC that escalates privileges by overwriting HalDispatchTable+0x4 and triggering shellcode execution via NtQueryIntervalProfile.

This Metasploit module exploits CVE-2014-4971, a privilege escalation vulnerability in the Microsoft Bluetooth Personal Area Networking (BthPan.sys) driver. It leverages memory corruption to overwrite the HalDispatchTable and execute arbitrary kernel code, elevating privileges to SYSTEM on Windows XP SP3.

This Metasploit module exploits CVE-2014-4971, an arbitrary kernel memory write vulnerability in MQAC.sys on Windows XP SP3. It escalates privileges to SYSTEM by overwriting the HalDispatchTable and injecting a payload into a SYSTEM process.