CVE-2005-0978

IVT BlueSoleil 1.4 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0978. PoCs published by Kevin Finisterre.

AI-analyzed exploit summary This exploit modifies the obextool client to perform a directory traversal attack during Bluetooth file uploads, allowing an attacker to upload a malicious file to arbitrary locations on the target system. The vulnerability lies in the Object Push Service of BlueSoleil, enabling arbitrary code execution if the file is placed in an executable path.

Description

Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. (dot dot) in a PUSH command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kevin Finisterre · textremotewindows

https://www.exploit-db.com/exploits/25325

View Code ZIP pw:eip

This exploit modifies the obextool client to perform a directory traversal attack during Bluetooth file uploads, allowing an attacker to upload a malicious file to arbitrary locations on the target system. The vulnerability lies in the Object Push Service of BlueSoleil, enabling arbitrary code execution if the file is placed in an executable path.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: BlueSoleil (version not specified)

No auth needed

Prerequisites: Bluetooth connectivity to the target · obextool client modified as shown

MITRE ATT&CK