Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.5
CVSSv2

CVE-2009-0244

Published: 21/01/2009 Updated: 26/01/2024
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows mobile 6.0

microsoft windows mobile 5.0

Exploits

Exploit DB: HTC / Android OBEX FTP Service Directory Traversal
HTC devices running Android versions 21 and 22 suffer from a directory traversal vulnerability in the OBEX FTP service Full details provided ...

References

CWE-22http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.htmlhttp://www.securityfocus.com/bid/33359http://securityreason.com/securityalert/4938http://secunia.com/advisories/33598https://exchange.xforce.ibmcloud.com/vulnerabilities/48124http://www.securityfocus.com/archive/1/500199/100/0/threadedhttps://nvd.nist.govhttps://packetstormsecurity.com/files/103171/HTC-Android-OBEX-FTP-Service-Directory-Traversal.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook