NVD

Id
47578  
Name
CVE-2009-0244  
Description
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.  
Reject
 
CVSS Version
2  
CVSS Score
8.5  
Severity
High  
CVSS Base Score
8.5  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2009-01-21  
Modified Date
2009-02-05  
Seq
2009-0244  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
238435 47578 CVE-2009-0244 4938  View
238436 47578 CVE-2009-0244 20090119 Microsoft Bluetooth Stack OBEX Directory Traversal  View
238437 47578 CVE-2009-0244 33359  View
238438 47578 CVE-2009-0244 http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html  View
238439 47578 CVE-2009-0244 winmobile-obexftp-directory-traversal(48124)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
40689 JVNDB-2009-001695 Windows Mobile 6 Professional 上で稼働する Microsoft Bluetooth スタックの OBEX FTP サービス、 Pocket PC および Pocket PC Phone Edition 5.0 用の Windows Mobile 5.0 におけるディレクトリトラバーサルの脆弱性 Windows Mobile 6 Professional の Microsoft Bluetooth スタックの OBEX FTP サービス、および場合によって Pocket PC 、 Pocket PC Phone Edition 5.0 用の Windows Mobile 5.0 には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2009-0244 37675 CVE-2009-0244 47578 8.5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001695.html 2009-01-21 2009-07-08 View