Main Vulnerability Database Vulnerabilities #VU79169

Integer underflow in Windows and Windows Server - CVE-2023-35387

Published: August 8, 2023 / Updated: August 15, 2023

Vulnerability identifier: #VU79169

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-35387

CWE-ID: CWE-191

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to integer underflow when processing AVDTP commands in Windows Bluetooth A2DP driver. An attacker with physical proximity to device can send a specially crafted packets to the system to trigger an integer underflow and gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35387
https://www.zerodayinitiative.com/advisories/ZDI-23-1066/

Integer underflow in Windows and Windows Server - CVE-2023-35387

Description

Remediation

External links

Please verify you're human