Published: 27/09/2008 Updated: 29/09/2017
CVSS v2 Base Score: 5.4 | Impact Score: 6.9 | Exploitability Score: 4.9
VMScore: 545
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Summary

Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote malicious users to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.


#!/usr/bin/perl # # ----------WM6 remote overflow reboot PoC---------- # Simple exploit for remote rebooting a windows mobile device # Maybe we can use it for doing command execution, # I've not test it since the device is rebooting and do not dump a core # for further analysing # # The bug is not realy in the long string name but when it's the fi ...