CVE-2023-24871

HIGH

Windows 10 20H2-22H2 and Windows 11 21H2-22H2 - Remote Code Execution via Bluetooth Service Integer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-24871. PoCs published by ynwarcs.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-24871, demonstrating both RCE and LPE via heap corruption in the Windows Bluetooth service (bthserv). The exploit leverages a probabilistic approach with heap spraying and JuicyPotatoNG for privilege escalation to SYSTEM.

Description

Windows Bluetooth Service Remote Code Execution Vulnerability

Exploits (1)

nomisec WORKING POC 50 stars
by ynwarcs · poc
https://github.com/ynwarcs/CVE-2023-24871

This repository contains a functional exploit for CVE-2023-24871, demonstrating both RCE and LPE via heap corruption in the Windows Bluetooth service (bthserv). The exploit leverages a probabilistic approach with heap spraying and JuicyPotatoNG for privilege escalation to SYSTEM.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Windows 10/11 (pre-March 2023 security update)
No auth needed
Prerequisites: Bluetooth radio enabled · Unpatched Windows 10/11 system · AppContainer process with Bluetooth capability (e.g., StartMenuExperienceHost.exe)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0322
EPSS Percentile 86.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-190
Status published
Products (6)
microsoft/windows_10_20h2 < 10.0.19042.2728
microsoft/windows_10_21h2 < 10.0.19044.2728
microsoft/windows_10_22h2 < 10.0.19045.2728
microsoft/windows_11_21h2 < 10.0.22000.1696
microsoft/windows_11_22h2 < 10.0.22000.1413
microsoft/windows_server_2022
Published Mar 14, 2023
Tracked Since Feb 18, 2026