Lucene search

[email protected]NVD:CVE-2008-4295

HistorySep 27, 2008 - 10:30 a.m.

CVE-2008-4295

2008-09-2710:30:03

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

High

EPSS

0.354

Percentile

97.2%

JSON

Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

Affected configurations

Nvd

Node

microsoftwindows_mobileMatch6.0

AND

htcmdaMatch8125

htcwizaMatch200

VendorProductVersionCPE
microsoftwindows_mobile6.0cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*
htcmda8125cpe:2.3:h:htc:mda:8125:*:*:*:*:*:*:*
htcwiza200cpe:2.3:h:htc:wiza:200:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_mobile	6.0	cpe:2.3:o:microsoft:windows_mobile:6.0:::::::*
htc	mda	8125	cpe:2.3:h:htc:mda:8125:::::::*
htc	wiza	200	cpe:2.3:h:htc:wiza:200:::::::*

References

secunia.com/advisories/32066

www.securityfocus.com/bid/31420

exchange.xforce.ibmcloud.com/vulnerabilities/45463

www.exploit-db.com/exploits/6582

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

High

EPSS

0.354

Percentile

97.2%

JSON

Related for NVD:CVE-2008-4295

cve1 prion1 cvelist1 exploitdb1