CVSS: 6.2EPSS: 40%CPEs: 3EXPL: 1CVE-2008-4295 – Microsoft Windows Mobile 6.0 - Device Long Name Remote Reboot (Denial of Service)
https://notcve.org/view.php?id=CVE-2008-4295
27 Sep 2008 — Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. Microsoft Windows Mobile 6.0 en dispositivos HTC Wiza 200 y HTC MDA 8125 no... • https://www.exploit-db.com/exploits/6582 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 25%CPEs: 1EXPL: 0CVE-2007-5493
https://notcve.org/view.php?id=CVE-2007-5493
18 Oct 2007 — The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. El manejador SMS para Windows Mobile 2005 Pocket PC Phone edition permite a atacantes remotos esconder el campo remitente (sender) en un mensaje SMS mediante un mensaje WAP PUSH mal formado que provoca que la PDU sea decodificada incorrectamente. • http://osvdb.org/45517 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 1%CPEs: 2EXPL: 0CVE-2007-5460
https://notcve.org/view.php?id=CVE-2007-5460
15 Oct 2007 — Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process. Microsoft ActiveSync versión 4.1, como es usado en Windows Mobile versión 5.0, utiliza un cifrado débil (ofuscación XOR con una clave fija) cuando se envía el PIN y Contraseña del u... • http://osvdb.org/38499 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2007-3445
https://notcve.org/view.php?id=CVE-2007-3445
27 Jun 2007 — Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351. Desbordamiento de búfer en SJ Labs SJphone 1.60.303c, al ejecutarse bajo Windows Mobile 2003 en el teléfono Samsung SCH-i730, permite a atacantes remotos provocar una denegación de servicio (cuelgue del dispositivo y terminación de... • http://osvdb.org/45404 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-3351
https://notcve.org/view.php?id=CVE-2007-3351
22 Jun 2007 — The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets. El software de teléfono SJPhone SIP 1.60.303c, cuando se instala en Dell Axim X3 ejecutando Windows Mobile 2003, permite a atacantes remotos provocar una denegación de servicio (cuelgue de dispositivo y amplificación de trá... • http://www.securityfocus.com/bid/24549 •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2007-3362
https://notcve.org/view.php?id=CVE-2007-3362
22 Jun 2007 — ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter. ageet AGEphone versiones anteriores a 1.6.2, corriendo en Windows Mobile 5 en dispositivo HTC HyTN Pocket PC, permite a atacantes remotos (1) pr... • http://osvdb.org/37729 •
CVSS: 7.8EPSS: 30%CPEs: 1EXPL: 0CVE-2007-0878
https://notcve.org/view.php?id=CVE-2007-0878
12 Feb 2007 — Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685. Vulnerabilidad no especificada en Microsoft Internet Explorer en Windows Mobile 5.0 permite a atacantes remotos provocar una denegación de servicio (pérdida del navegador y otras funcionalidades del disposit... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052293.html •
CVSS: 7.1EPSS: 34%CPEs: 4EXPL: 0CVE-2007-0674
https://notcve.org/view.php?id=CVE-2007-0674
03 Feb 2007 — Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file. Imágenes y Videos en el Windows Mobile 5.0 y Windows Mobile 2003 y 2003SE para Smartphones y PocketPC permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (cuelgue del dispositivo) mediante un fichero JPEG mal formado. • http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws •
CVSS: 7.5EPSS: 21%CPEs: 4EXPL: 0CVE-2007-0685
https://notcve.org/view.php?id=CVE-2007-0685
03 Feb 2007 — Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. Internet Explorer en Windows Mobile 5.0 y Windows Mobile 2003 y 2003SE para Smartphones y PocketPC permite a atacantes remotos provocar una denegación de servicio (caída de aplicación e inestabilidad de dispositivo) mediante vectores desconocidos, posible... • http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws •
CVSS: 10.0EPSS: 50%CPEs: 6EXPL: 0CVE-2006-6908
https://notcve.org/view.php?id=CVE-2006-6908
31 Dec 2006 — Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer en la e... • http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf •