Search Results (Refine Search)
- CPE Product Version: cpe:/o:microsoft:windows_mobile:6.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-0244 |
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder. Published: January 21, 2009; 3:30:00 PM -0500 |
V3.1: 8.8 HIGH V2.0: 8.5 HIGH |
CVE-2008-4540 |
Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access. Published: October 13, 2008; 4:00:02 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2008-4295 |
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. Published: September 27, 2008; 6:30:03 AM -0400 |
V3.x:(not available) V2.0: 5.4 MEDIUM |