Lenovo ThinkPad Bluetooth with Enhanced Data Rate Arbitrary DLL Injection Code Execution Vulnerability

High Nessus Plugin ID 65986


The remote host is affected by an arbitrary DLL injection vulnerability.


The remote host has a version of Lenovo ThinkPad Bluetooth with Enhanced Data Rate installed that uses fixed paths for including DLL files that may not be trusted. By tricking a user into opening a file in a directory accessible by an attacker, it may be possible to inject and execute code from arbitrary .dll files.


Upgrade to Lenovo ThinkPad Bluetooth with Enhanced Data Rate version or higher.

See Also



Plugin Details

Severity: High

ID: 65986

File Name: lenovo_bluetooth_edr_6_5_1_2700.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2013/04/11

Modified: 2017/02/07

Dependencies: 65985

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:lenovo:thinkpad_bluetooth_with_enhanced_data_rate_software

Required KB Items: SMB/Lenovo_BT_EDR/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/05/09

Vulnerability Publication Date: 2013/01/15

Reference Information

CVE: CVE-2013-1361

BID: 57504

OSVDB: 89483