CVE-2008-1453 - OpenCVE

The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows-nt Windows Xp Windows Vista

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows-nt:xp:sp3::::::
	cpe:2.3:o:microsoft:windows_vista:::x64:::::*
	cpe:2.3:o:microsoft:windows_xp:::x64:::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2:x64:::::

References

Link	Resource
http://secunia.com/advisories/30051	Patch Vendor Advisory
http://securitytracker.com/id?1020221	Patch
http://www.securityfocus.com/bid/29522	Patch
http://www.us-cert.gov/cas/techalerts/TA08-162B.html	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2008/1777	Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4730

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2008-06-12T01:30:00

Updated: 2018-10-12T19:57:01

Reserved: 2008-03-21T00:00:00

Link: CVE-2008-1453

JSON object: View

NVD Information

Status : Modified

Published: 2008-06-12T02:32:00.000

Modified: 2018-10-12T21:47:11.043

Link: CVE-2008-1453

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "ADV-2008-1777", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1777"}, {"name": "29522", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29522"}, {"name": "TA08-162B", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"}, {"name": "1020221", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1020221"}, {"name": "MS08-030", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-030"}, {"name": "30051", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30051"}, {"name": "oval:org.mitre.oval:def:4730", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4730"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-1453", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-1777", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1777"}, {"name": "29522", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29522"}, {"name": "TA08-162B", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"}, {"name": "1020221", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020221"}, {"name": "MS08-030", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-030"}, {"name": "30051", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30051"}, {"name": "oval:org.mitre.oval:def:4730", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4730"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-1453", "datePublished": "2008-06-12T01:30:00", "dateReserved": "2008-03-21T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*", "matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*", "matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets."}, {"lang": "es", "value": "La pila Bluetooth en Microsoft Windows XP SP2 y SP3, y Vista Gold y SP1 permite a atacantes fisicamente pr\u00f3ximos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una larga serie de paquetes Service Discovery Protocol (SDP)."}], "id": "CVE-2008-1453", "lastModified": "2018-10-12T21:47:11.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-06-12T02:32:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/30051"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://securitytracker.com/id?1020221"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/29522"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"}, {"source": "secure@microsoft.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/1777"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-030"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4730"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}