CERT-In Vulnerability Note CIVN-2008-77
Microsoft Windows Bluetooth Stack Allows Remote Code Execution Vulnerability
Original Issue Date: June 12, 2008
Updated: June 20, 2008
Severity Rating: High
Systems Affected
- Windows XP Service Pack 2
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Vista
- Windows Vista Service Pack 1
- Windows Vista x64 Edition
- Windows Vista x64 Edition Service Pack 1
Overview
A vulnerability has been reported in the Microsoft Windows Bluetooth stack that could allow a remote attacker to execute arbitrary code and take complete control of an affected system.
Description
The vulnerability is caused by improper handling of Service Discovery Protocol (SDP) request packets by the Windows Bluetooth stack.
A remote attacker could exploit this vulnerability by sending a large number of specially crafted Service Discovery Protocol (SDP) request packets via Bluetooth to execute arbitrary code on the target system. Successful exploitation of this vulnerability could allow a remote attacker to take complete control of the vulnerable system.
Solution
Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS08-030.
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx
References
FrSIRT
http://www.frsirt.com/english/advisories/2008/1777
CISCO Systems
http://tools.cisco.com/security/center/viewAlert.x?alertId=16045
SecuriTeam
http://www.securiteam.com/windowsntfocus/5UP0B0AOKM.html
SecurityTracker
http://www.securitytracker.com/alerts/2008/Jun/1020221.html
CVE-Name
CVE-2008-1453
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
