Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 8.5
CVE Id: CVE-2009-0244
Last Modified: 05 Feb 2009 01:53:19
Published: 21 Jan 2009 03:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2009-0244

Summary

Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Vulnerable Systems

Operating System

  • Microsoft Windows Mobile 5.0

  • Microsoft Windows Mobile 6.0


References

XF - winmobile-obexftp-directory-traversal(48124)

MISC - http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html

BID - 33359

BUGTRAQ - 20090119 Microsoft Bluetooth Stack OBEX Directory Traversal

SREASON - 4938

SECUNIA - 33598


Last Updated: 27 May 2016 10:50:10