Detections
Analytics
Lenovo ThinkPad Bluetooth with Enhanced Data Rate Arbitrary DLL Injection Code Execution Vulnerability
high Nessus Plugin ID 65986
Language:
Synopsis
The remote host is affected by an arbitrary DLL injection vulnerability.Description
The remote host has a version of Lenovo ThinkPad Bluetooth with Enhanced Data Rate installed that uses fixed paths for including DLL files that may not be trusted. By tricking a user into opening a file in a directory accessible by an attacker, it may be possible to inject and execute code from arbitrary .dll files.Solution
Upgrade to Lenovo ThinkPad Bluetooth with Enhanced Data Rate version 6.5.1.2700 or higher.See Also
https://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/g4wb10ww.txt
https://docs.microsoft.com/en-us/security-updates/VulnerabilityResearchAdvisories/2013/msvr13-001
Plugin Details
Severity: High
ID: 65986
File Name: lenovo_bluetooth_edr_6_5_1_2700.nasl
Version: 1.5
Type: local
Agent: windows
Family: Windows
Published: 4/11/2013
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:lenovo:thinkpad_bluetooth_with_enhanced_data_rate_software
Required KB Items: SMB/Lenovo_BT_EDR/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 5/9/2012
Vulnerability Publication Date: 1/15/2013
Reference Information
CVE: CVE-2013-1361
BID: 57504