CVE-2011-1265

Name of the Vulnerable Software and Affected Versions Windows Bluetooth 2.1 Stack versions in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1

Description A remote code execution issue exists due to improper access to objects in memory that were not correctly initialized or have been deleted. This allows remote attackers to execute arbitrary code via crafted Bluetooth packets. An attacker could exploit this issue by sending specially crafted Bluetooth packets to the target machine, potentially allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Windows Vista SP1 and SP2, update the Bluetooth Stack to a version that properly initializes and handles objects in memory. For Windows 7 Gold and SP1, update the Bluetooth Stack to a version that properly initializes and handles objects in memory. As a temporary workaround, consider disabling Bluetooth functionality until a patch is available.