This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The specific flaw exists within the processing of AVDTP packets. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows server 2012 r2 |
||
microsoft windows server 2016 - |
||
microsoft windows server 2012 - |
||
microsoft windows server 2019 - |
||
microsoft windows 10 1809 |
||
microsoft windows 10 20h2 |
||
microsoft windows 11 21h2 |
||
microsoft windows 10 21h2 |
||
microsoft windows 10 22h2 |
||
microsoft windows 10 1607 |
||
microsoft windows 10 1507 |