Geekzone: technology news, blogs, forums
Buffer overflow exploit on Widcomm software causes security warning
Posted on 13-Aug-2004 07:24. | Tags Filed under: News.

Widcomm's products provide a range of Bluetooth connectivity solutions for PCs, PDAs, mobile phones, headsets, digital cameras, access points, and various output devices. British security testing service Pentest says Widcomm supplies its Bluetooth communications software to other companies so that they can integrate Bluetooth technology into their devices. It also supplies Bluetooth SDKs to enable developers to create applications that use Bluetooth. It may therefore not be immediately apparent that you are using the Widcomm Bluetooth software, and version numbers may vary.

An unauthenticated remote attacker can submit various malformed service requests via Bluetooth, triggering a buffer overflow and executing arbitrary code on the vulnerable device.

On Windows platforms this allows arbitrary code execution in the context of the currently logged-on user account. Pentest have tested for the reported vulnerability against BTStackServer version and on both Windows XP and Windows 98 which ships with MSI Bluetooth Dongles. They have also tested this against a Pocket PC HP iPaq 5450 running WinCE 3.0 with Bluetooth software version

Whilst the above platforms are the only ones tested and confirmed to be exploitable by Pentest, the company says its discussions with Widcomm lead it to believe that all versions prior to version BTW & BT-CE/PPC 3.0 are affected by this vulnerability. Widcomm has not confirmed whether BT-PPC/Phone Edition, BT-Smartphone, BTE-Mobile or BTE are vulnerable.

Pentest recommends that users set their devices to non-discoverable mode. This will not eliminate the vulnerability, but it will limit exposure.
