CVE-2013-1361
critical
CVSS v3
—
CVSS v2
9.3
VIR risk
9.3
Description
Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/51846
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| lenovo | thinkpad_bluetooth_with_enhanced_data_rate_software | {"endIncluding":"6.4.0.2900"} | |
References
- http://secunia.com/advisories/51846
- http://technet.microsoft.com/en-us/security/msvr/msvr13-001
- http://www.osvdb.org/89483
- http://www.securityfocus.com/bid/57504
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81428
- http://secunia.com/advisories/51846
- http://technet.microsoft.com/en-us/security/msvr/msvr13-001
- http://www.osvdb.org/89483
- http://www.securityfocus.com/bid/57504
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81428
Verify integrity in audit chain (admin only). AS-IS.