{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Windows Vista x64 Edition ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows XP x64 Edition ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows XP Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Vista x64 Edition Service Pack 1.","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows XP Service Pack 3 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Vista Service Pack 1 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows XP x64 Edition Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Vista ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans la mise en \u0153uvre de la pile\nBluetooth par Windows. Sous certaines conditions, le syst\u00e8me\nd'exploitation ne g\u00e9rerait pas correctement la r\u00e9ception de multiples\ntrames SDP (Service Discovery Protocol). Ce protocole permet entre\nautres de d\u00e9terminer la liste et les caract\u00e9ristiques des services\nBluetooth offerts par l'appareil distant.\n\nLa vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par une personne malveillante \u00e0\ndistance pour ex\u00e9cuter du code arbitraire sur le syst\u00e8me vuln\u00e9rable. Le\nsyst\u00e8me doit a fortiori disposer d'une interface Bluetooth active.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-030 de Microsoft pour\nl'obtention des correctifs (cf. section Documentation).\n","cves":[{"name":"CVE-2008-1453","url":"https://www.cve.org/CVERecord?id=CVE-2008-1453"}],"links":[{"title":"Bloc-notes Microsoft, commentaires sur la mise \u00e0 jour    MS08-030 :","url":"http://blogs.microsoft.com/swi/archive/2008/06/10/ms08-030-all-bark-and-no-bite-the-case-of-the-bluetooth-update.aspx"},{"title":"Pr\u00e9sentation du protocole SDP (Service Discovery Protocol)    :","url":"http://www.palowireless.com/infotooth/tutorial/sdp.asp"},{"title":"Documentation officielle SDP sur le site SIG Bluetooth :","url":"http://www.bluetooth.org"}],"reference":"CERTA-2008-AVI-303","revisions":[{"description":"version initiale.","revision_date":"2008-06-11T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans la mise en \u0153uvre de la pile\nBluetooth par Windows. Elle peut \u00eatre exploit\u00e9e par une personne\nmalveillante \u00e0 distance, via Bluetooth, pour ex\u00e9cuter du code arbitraire\nsur le syst\u00e8me vuln\u00e9rable.\n","title":"Vuln\u00e9rabilit\u00e9 de la pile Bluetooth Windows","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS08-030 du 10 juin 2008","url":"http://www.microsoft.com/technet/security/Bulletin/MS08-030.mspx"}]}