Search Results (Refine Search)
- CPE Product Version: cpe:/o:microsoft:windows_mobile:5.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-0244 |
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder. Published: January 21, 2009; 3:30:00 PM -0500 |
V3.1: 8.8 HIGH V2.0: 8.5 HIGH |
CVE-2007-5460 |
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process. Published: October 15, 2007; 6:17:00 PM -0400 |
V3.1: 4.6 MEDIUM V2.0: 7.1 HIGH |
CVE-2007-3362 |
ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter. Published: June 22, 2007; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-0878 |
Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685. Published: February 12, 2007; 3:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-0674 |
Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file. Published: February 02, 2007; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2007-0685 |
Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. Published: February 02, 2007; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |