Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:microsoft:windows_mobile:5.0:*:pocket_pc:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-2041 |
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556. Published: June 02, 2011; 4:55:03 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2011-2039 |
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904. Published: June 02, 2011; 3:55:04 PM -0400 |
V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2009-0244 |
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder. Published: January 21, 2009; 3:30:00 PM -0500 |
V3.1: 8.8 HIGH V2.0: 8.5 HIGH |
CVE-2007-5460 |
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process. Published: October 15, 2007; 6:17:00 PM -0400 |
V3.1: 4.6 MEDIUM V2.0: 7.1 HIGH |
CVE-2007-3362 |
ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter. Published: June 22, 2007; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-0878 |
Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685. Published: February 12, 2007; 3:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-0674 |
Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file. Published: February 02, 2007; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2007-0685 |
Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. Published: February 02, 2007; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2006-6908 |
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors. Published: December 31, 2006; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |