SecurityTracker.com Archives - Windows Bluetooth Stack SDP Processing Bug Lets Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: OS (Microsoft) > Windows DLL (Any)

Vendors: Microsoft

Windows Bluetooth Stack SDP Processing Bug Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1020221

SecurityTracker URL: http://securitytracker.com/id?1020221

CVE Reference: CVE-2008-1453 (Links to External Site)

Updated: Jun 19 2008

Original Entry Date: Jun 10 2008

Impact: Execution of arbitrary code via network, Root access via network

Fix Available: Yes Vendor Confirmed: Yes

Advisory: Microsoft Security Bulletin

Version(s): XP SP3, Vista SP1; and prior service packs

Description: A vulnerability was reported in the Windows Bluetooth stack. A remote user can execute arbitrary code on the target system.

A remote user can send a large number of specially crafted Service Discovery Protocol (SDP) request packets via Bluetooth to execute arbitrary code on the target system. The code will run with elevated privileges.

Systems with Bluetooth enabled are affected.

Impact: A remote user within Bluetooth network range can execute arbitrary code on the target system.

Solution: The vendor has issued a fix.

Windows XP Service Pack 2 and Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=980bb421-950f-4825-803 9-44cc961a47b8

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid= 81ab56ca-933f-4974-a393-290a54c30a78

Windows Vista and Windows Vista Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=6524debe-be50-44d1-854 3-af0bfaf086ad

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=6adee8b9-3455-4f3b-8 bdd-2585c8ff83b8

A restart may be required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx

On June 14, 2008 (UTC), Microsoft issued an advisory warning that the System Center Configuration Manager 2007 may fail to deploy these updates to Systems Management Services (SMS) 2003 clients:

http://www.microsoft.com/technet/security/advisory/954474.mspx

On June 19, 2008, Microsoft issued a new version of the update for Windows XP SP2 and SP3, as the previous version did not fully correct the problem.

Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-030.mspx (Links to External Site)

Cause: Not specified

Underlying OS: Windows (Vista), Windows (XP)

Message History: None.

Source Message Contents

Date: Tue, 10 Jun 2008 13:40:38 -0400
Subject: Microsoft Security Bulletin MS08-030 Critical: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)

 
 
http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx
 
CVE-2008-1453

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC