Critical Vulnerability Information: Vulnerability Name: Toshiba Bluetooth Stack Directory Transversal Vulnerability ID: DMA[2006-0112a] Affected Products: Toshiba Bluetooth Stack <= v4.00.23(T) Vulnerability Description: This vulnerability exists in the OBEX Push service of Toshiba Bluetooth Stack. Exploiting this flaw, an attacker can send malicious file requests to push files to any directory on the target system, thereby achieving code execution. Attack Method: - Use the tool to allow attackers to place Trojan files at any location in the file system. - During the attack, the victim must accept the connection request and specify the file storage location, enabling the attacker to place files in any directory where the user has write permissions. Impact Scope: Both version 3.x and 4.x binary files are affected, including versions downloaded from the Bluetooth SIG website and Dell drivers. Temporary Mitigation: Users should avoid accepting connection requests from unknown sources and wait for the vendor’s official response and updates.