Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2006-12-31 |
Product | Windows Mobile | Last view | 2009-01-21 |
Version | Type | Os | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
8.8 | 2009-01-21 | CVE-2009-0244 | Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder. |
2.1 | 2008-10-13 | CVE-2008-4540 | Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access. |
5.4 | 2008-09-27 | CVE-2008-4295 | Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. |
4.3 | 2007-10-17 | CVE-2007-5493 | The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. |
4.6 | 2007-10-15 | CVE-2007-5460 | Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process. |
7.8 | 2007-02-12 | CVE-2007-0878 | Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685. |
2.6 | 2007-02-02 | CVE-2007-0685 | Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. |
7.1 | 2007-02-02 | CVE-2007-0674 | Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file. |
10 | 2006-12-31 | CVE-2006-6908 | Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
20% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
20% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
20% (1) | CWE-255 | Credentials Management |
20% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
20% (1) | CWE-20 | Improper Input Validation |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-20 | Encryption Brute Forcing |
CAPEC-23 | File System Function Injection, Content Based |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-76 | Manipulating Input to File System Calls |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-97 | Cryptanalysis |
CAPEC-139 | Relative Path Traversal |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
52693 | Microsoft Windows Mobile Bluetooth Stack OBEX FTP Service Traversal Arbitrary... |
49900 | Windows Mobile on HTC Hermes Password Auto-Completion Authentication Bypass |
48789 | Microsoft Windows Mobile Bluetooth Device Name Overflow DoS |
45517 | Windows Mobile PC SMS Handler SMS Message Sender Field Spoofing |
38499 | Microsoft Windows Mobile ActiveSync USB Weak PIN/Password Encryption |
37587 | WIDCOMM Bluetooth Stack COM Server Unspecified Remote DoS |
36149 | Microsoft IE on Windows Mobile Unspecified Overflow DoS |
36148 | Microsoft Windows Mobile Pictures and Videos Malformed JPEG DoS |
32629 | Microsoft IE on Windows Mobile Malformed WML Page Unspecified DoS |