SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Windows Bluetooth Stack SDP Processing Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020221
SecurityTracker URL:  http://securitytracker.com/id/1020221
CVE Reference:   CVE-2008-1453   (Links to External Site)
Updated:  Jun 19 2008
Original Entry Date:  Jun 10 2008
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): XP SP3, Vista SP1; and prior service packs
Description:   A vulnerability was reported in the Windows Bluetooth stack. A remote user can execute arbitrary code on the target system.

A remote user can send a large number of specially crafted Service Discovery Protocol (SDP) request packets via Bluetooth to execute arbitrary code on the target system. The code will run with elevated privileges.

Systems with Bluetooth enabled are affected.

Impact:   A remote user within Bluetooth network range can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix.

Windows XP Service Pack 2 and Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=980bb421-950f-4825-8039-44cc961a47b8

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=81ab56ca-933f-4974-a393-290a54c30a78

Windows Vista and Windows Vista Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=6524debe-be50-44d1-8543-af0bfaf086ad

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=6adee8b9-3455-4f3b-8bdd-2585c8ff83b8

A restart may be required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx

On June 14, 2008 (UTC), Microsoft issued an advisory warning that the System Center Configuration Manager 2007 may fail to deploy these updates to Systems Management Services (SMS) 2003 clients:

http://www.microsoft.com/technet/security/advisory/954474.mspx

On June 19, 2008, Microsoft issued a new version of the update for Windows XP SP2 and SP3, as the previous version did not fully correct the problem.

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms08-030.mspx (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC