This CPE summary could be partial or incomplete.


Vendor: Microsoft
First view: 2009-01-21
Product: Windows Mobile
Last view: 2009-01-21
Version: 6.0
Type: Os
Update: *
Edition: standard
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
CPE Product: cpe:2.3:o:microsoft:windows_mobile

Activity : Overall

Related : CVE

  Date Alert Description
8.5 2009-01-21 CVE-2009-0244

Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.

CWE : Common Weakness Enumeration

100% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-23 File System Function Injection, Content Based
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-76 Manipulating Input to File System Calls
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-139 Relative Path Traversal

Open Source Vulnerability Database (OSVDB)

id Description
52693 Microsoft Windows Mobile Bluetooth Stack OBEX FTP Service Traversal Arbitrary...