PT-2009-2916 · Microsoft · Windows Mobile +1

Name of the Vulnerable Software and Affected Versions: Windows Mobile versions 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition Windows Mobile 6 Professional Description: A directory traversal issue in the OBEX FTP Service of the Microsoft Bluetooth stack allows remote authenticated users to...

Microsoft ActiveSync弱口令混淆信息泄露漏洞

BUGTRAQ ID: 25976 CVECAN ID: CVE-2007-5460 Microsoft ActiveSync是用于同步计算机与PDA的应用程序。 ActiveSync设备建立连接口令交换的过程实现上存在漏洞，攻击者可能利用此漏洞获取口令信息。 插入到USB口时设备会使用类似于标准网络接口的连接，获得IP地址后设备会通过RAPI在990/TCP端口初始化与主机的通讯，这个过程也会经历一个小型的握手例程，如果合适的话，会对主机挑战设备PIN或口令。用户提供了主机的PIN/口令后，会通过XOR与E9固定密钥进行混淆，然后通过USB网络连接发送给设备进行验证。...

CVE-2007-0878

Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service loss of browser and other device functionality via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to...

CVE-2007-0878

The CVE-2007-0878 entry describes an unspecified DoS in Microsoft Internet Explorer on Windows Mobile 5.0 triggered by a malformed WML page, related to an “overflow state.” The connected documents confirm the vulnerability affects Internet Explorer on Windows Mobile 5.0 and may be related to CVE-...

Denial Of Service in Internet Explorer for MS Windows Mobile 5.0

Denial Of Service in Internet Explorer for MS Windows Mobile 5.0 ----------------------------------------------------------------- Date of Release: 09/02/2007 Description: A vulnerability exists in Internet Explorer for Microsoft Windows Mobile 5.0 for smart phone and pocket PC that impacts upon...