CVE-2006-6908

Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf
http://osvdb.org/37587
http://www.securityfocus.com/archive/1/455889/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:widcomm_bluetooth:1.4.1.03:*:windows:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:broadcom:widcomm_bluetooth:1.3.2.7::windows:::::
	cpe:2.3:o:broadcom:widcomm_bluetooth:1.4.2.10::windows:::::
	cpe:2.3:a:broadcom:widcomm_bluetooth:::windows:::::*
	cpe:2.3:o:microsoft:windows_ce::::::::
	cpe:2.3:o:microsoft:windows_mobile::::::::

Information

Published : 2006-12-30 21:00

Updated : 2018-10-16 09:29

NVD link : CVE-2006-6908

Mitre link : CVE-2006-6908

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

microsoft

windows_mobile
windows_ce

broadcom

widcomm_bluetooth

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf", "name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://osvdb.org/37587", "name": "37587", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded", "name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6908", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:broadcom:widcomm_bluetooth:1.4.1.03:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:broadcom:widcomm_bluetooth:1.3.2.7:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:broadcom:widcomm_bluetooth:1.4.2.10:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:widcomm_bluetooth:*:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3"}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_ce:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_mobile:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-16T16:29Z"}