Information disclosure in Microsoft Windows Bluetooth A2DP driver

1) Integer underflow

EUVDB-ID: #VU79169

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35387

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to integer underflow when processing AVDTP commands in Windows Bluetooth A2DP driver. An attacker with physical proximity to device can send a specially crafted packets to the system to trigger an integer underflow and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 - 11 22H2 10.0.22621.521

Windows Server: 2012 - 2022 20H2

CPE2.3

• cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10:Gold:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10:S:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10:Mobile:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_20H2:10.0.19042.572:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_21H1:10.0.19043.985:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.1288:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_1511:10.0.10586.3:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35387
https://www.zerodayinitiative.com/advisories/ZDI-23-1066/

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.