Lucene search

MitreCVE-2009-0244

HistoryJan 21, 2009 - 8:30 p.m.

CVE-2009-0244

2009-01-2120:30:00

CWE-22

mitre

web.nvd.nist.gov

directory traversal

obex ftp service

microsoft bluetooth stack

windows mobile

cve-2009-0244

code execution

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.015

Percentile

87.0%

JSON

Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a … (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected configurations

Nvd

Node

microsoftwindows_mobileMatch5.0

microsoftwindows_mobileMatch5.0pocket_pc

microsoftwindows_mobileMatch5.0smartphone

microsoftwindows_mobileMatch6.0

microsoftwindows_mobileMatch6.0pro

microsoftwindows_mobileMatch6.0standard

VendorProductVersionCPE
microsoftwindows_mobile5.0cpe:2.3:o:microsoft:windows_mobile:5.0:*:*:*:*:*:*:*
microsoftwindows_mobile5.0cpe:2.3:o:microsoft:windows_mobile:5.0:*:pocket_pc:*:*:*:*:*
microsoftwindows_mobile5.0cpe:2.3:o:microsoft:windows_mobile:5.0:*:smartphone:*:*:*:*:*
microsoftwindows_mobile6.0cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*
microsoftwindows_mobile6.0cpe:2.3:o:microsoft:windows_mobile:6.0:*:pro:*:*:*:*:*
microsoftwindows_mobile6.0cpe:2.3:o:microsoft:windows_mobile:6.0:*:standard:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_mobile	5.0	cpe:2.3:o:microsoft:windows_mobile:5.0:::::::*
microsoft	windows_mobile	5.0	cpe:2.3:o:microsoft:windows_mobile:5.0::pocket_pc:::::
microsoft	windows_mobile	5.0	cpe:2.3:o:microsoft:windows_mobile:5.0::smartphone:::::
microsoft	windows_mobile	6.0	cpe:2.3:o:microsoft:windows_mobile:6.0:::::::*
microsoft	windows_mobile	6.0	cpe:2.3:o:microsoft:windows_mobile:6.0::pro:::::
microsoft	windows_mobile	6.0	cpe:2.3:o:microsoft:windows_mobile:6.0::standard:::::

References

secunia.com/advisories/33598

securityreason.com/securityalert/4938

www.securityfocus.com/archive/1/500199/100/0/threaded

www.securityfocus.com/bid/33359

www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html

exchange.xforce.ibmcloud.com/vulnerabilities/48124

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.015

Percentile

87.0%

JSON

Related for CVE-2009-0244