Microsoft Security Response Center

**How do I get the update for OneDrive for Android?** 1. Tap the **Google Play** icon on your home screen. 2. Swipe in from the left edge of the screen. 3. Tap **My apps & games**. 4. Tap the Update box next to the **OneDrive app**. **Is there a direct link on the web?** Yes: https://play.google.com/store/apps/details?id=com.microsoft.skydrive&hl=en\_US

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

**According to the CVSS metric, the attack vector is local (AV:L) and user interaction is required (UI:R), what does that mean for this vulnerability?** The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to click on a local file path link or download and run a malicious application or file.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**How could an attacker exploit this vulnerability?** An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.