CVE-2011-1265

HIGH

Microsoft Windows Bluetooth Stack - Remote Code Execution via Crafted Bluetooth Packets

Title source: llm
STIX 2.1

Description

The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."

References (3)

Core 3
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-053
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-193A.html

Scores

CVSS v3 8.8
EPSS 0.0595
EPSS Percentile 92.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (3)
bluetooth/bluetooth_stack 2.1
microsoft/windows_7
microsoft/windows_vista (2 CPE variants)
Published Jul 13, 2011
Tracked Since Feb 18, 2026