|MS11-053||Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)||Windows Vista||Critical||13-07-2011|
Brief overview of the risk:
This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system.
Detailed Information on the risk:
A remote code execution vulnerability exists in the Windows Bluetooth 2.1 Stack due to the way an object in memory is accessed when it has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a series of specially crafted Bluetooth packets and sending them to the target machine. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Further information on this exploit is available at : MS11-053
Affected SoftwareWindows Vista Service Pack 1
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1
Windows Vista x64 Edition Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1