Description
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.
References (6)
Core 6
Core References
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33598
Broken Link, Exploit x_refsource_misc
http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500199/100/0/threaded
Exploit third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4938
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33359
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48124
Scores
CVSS v3
8.8
EPSS
0.3025
EPSS Percentile
98.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (2)
microsoft/windows_mobile
5.0 (3 CPE variants)
microsoft/windows_mobile
6.0 (3 CPE variants)
Published
Jan 21, 2009
Tracked Since
Feb 18, 2026