PT-2005-5103
Published: 2005-12-20 · Updated: 2018-10-19 · CVE-2005-4417
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Widcomm Bluetooth for Windows (BTW) versions 4.0.1.1500 and earlier
Belkin Bluetooth Software version 1.4.2 Build 10 and earlier
ANYCOM Blue USB-130-250 Software versions 4.0.1.1500 and earlier
Description
The issue concerns the default configuration of certain Bluetooth software, which sets null Authentication and Authorization values. This allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile.
Recommendations
For Widcomm Bluetooth for Windows (BTW) versions 4.0.1.1500 and earlier, update the configuration to set proper Authentication and Authorization values.
For Belkin Bluetooth Software version 1.4.2 Build 10 and earlier, update the configuration to set proper Authentication and Authorization values.
For ANYCOM Blue USB-130-250 Software versions 4.0.1.1500 and earlier, update the configuration to set proper Authentication and Authorization values.
As a temporary workaround, consider disabling the Hands Free Audio Gateway and Headset profile until a proper configuration is in place.
Affected Products
Anycom Blue Usb-130-250
Belkin Bluetooth
Widcomm Bluetooth For Windows