Windows Mobile Security Vulnerabilities and Issues — Windows Mobile CVE List

MicrosoftWindows Mobile

9 matches found

CVE•added 2007/10/15 10:0 p.m.•66 views

CVE-2007-5460

Microsoft ActiveSync 4.1 (used with Windows Mobile 5.0) contains a cryptographic weakness: PIN/Password is sent over USB using XOR obfuscation with a fixed key, enabling potential recovery of credentials if the host network is sniffed or the USB docking process is spoofed. Affected component/proc...

7.1CVSS4.7AI score0.02219EPSS

CVE•added 2009/01/21 8:0 p.m.•62 views

CVE-2009-0244

CVE-2009-0244 affects the OBEX FTP Service in the Microsoft Bluetooth stack on Windows Mobile 6 Professional, with probable impact on Windows Mobile 5.0 for Pocket PC and related editions. The vulnerability is a directory traversal via the ".." path segment that lets remote authenticated users li...

8.8CVSS8.3AI score0.30252EPSS

CVE•added 2007/02/12 8:0 p.m.•60 views

CVE-2007-0878

The CVE-2007-0878 entry describes an unspecified DoS in Microsoft Internet Explorer on Windows Mobile 5.0 triggered by a malformed WML page, related to an “overflow state.” The connected documents confirm the vulnerability affects Internet Explorer on Windows Mobile 5.0 and may be related to CVE-...

7.8CVSS6.3AI score0.19889EPSS

CVE•added 2007/02/03 1:0 a.m.•59 views

CVE-2007-0685

CVE-2007-0685 affects Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003/2003SE for Smartphones and PocketPC. The impact is a denial of service (application crash and device instability) via unspecified vectors, with a possible link to a buffer overflow. The connected records also re...

2.6CVSS6.9AI score0.05561EPSS

CVE•added 2007/10/18 12:0 a.m.•57 views

CVE-2007-5493

CVE-2007-5493 affects Microsoft Windows Mobile 2005 Pocket PC Phone Edition. The vulnerability exists in the SMS handler where a specially crafted WAP PUSH can cause the PDU to be decoded incorrectly, allowing an attacker to hide the original sender field of an SMS without user interaction. The c...

4.3CVSS6.5AI score0.04178EPSS

CVE•added 2007/01/08 8:0 p.m.•54 views

CVE-2006-6908

CVE-2006-6908 describes a buffer overflow in the Widcomm Bluetooth Stack COM Server. Affected components include Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth impleme...

10CVSS8.5AI score0.30212EPSS

CVE•added 2007/02/03 1:0 a.m.•50 views

CVE-2007-0674

CVE-2007-0674 affects Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003/2003SE for Smartphones and PocketPC. A malformed JPEG file can be used by a user‑assisted remote attacker over the network to cause a device hang (DoS). The root cause is malformed JPEG parsing in the affected...

7.1CVSS6.6AI score0.15759EPSS

CVE•added 2008/09/27 12:0 a.m.•40 views

CVE-2008-4295

CVE-2008-4295 affects Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125. The vulnerability arises when handling the first Bluetooth connection attempt to a peer with a long name, enabling a remote attacker to cause a denial of service (device reboot) by configuring a long HCI name and...

5.4CVSS6.8AI score0.30135EPSS

CVE•added 2008/10/13 6:0 p.m.•40 views

CVE-2008-4540

This CVE concerns Windows Mobile 6 on the HTC Hermes, where WLAN passwords are exposed to the auto-completion mechanism of the password field. The root cause is that the password input handling allows nearby attackers to retrieve credentials, enabling bypass of WLAN authentication and potential u...

2.1CVSS7.1AI score0.01983EPSS