CVE-2008-4295
Microsoft Windows Mobile - Improper Input Validation
Title source: ruleDescription
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Julien Bedard · perldoshardware
https://www.exploit-db.com/exploits/6582
References (4)
Scores
EPSS
0.5378
EPSS Percentile
98.0%
Details
CWE
CWE-20
Status
published
Products (1)
microsoft/windows_mobile
6.0
Published
Sep 27, 2008
Tracked Since
Feb 18, 2026