CVE-2005-4417

Widcomm Bluetooth for Windows <4.0.1.1500 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4417. PoCs published by Kevin Finisterre.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in Widcomm Bluetooth software (CVE-2005-4417) by sending a maliciously crafted OBEX push request. It includes shellcode to achieve remote code execution on vulnerable Windows systems.

Description

The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile.

Exploits (1)

exploitdb · Working PoC · Verified
by Kevin Finisterre · remote · windows
https://www.exploit-db.com/exploits/1357

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Widcomm Bluetooth Software (various versions including Belkin 1.4.2 Build 10)
Authentication: No auth needed
Prerequisites: Bluetooth connectivity to the target device · Vulnerable Widcomm Bluetooth stack
Analysis: devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq
http://www.securityfocus.com/archive/1/419642/100/0/threaded

Scores

EPSS: 0.0485
EPSS Percentile: 90.9%

Details

Status: published
Products (3):
anycom/blue_usb-130-250_software 4.0.1.1500
belkin/bluetooth_software 1.4.2_build_10
widcomm/bluetooth_for_windows 4.0.1.1500
Published: Dec 20, 2005
Tracked Since: Feb 18, 2026