// For flags

CVE-2008-4295

Microsoft Windows Mobile 6.0 - Device Long Name Remote Reboot (Denial of Service)

Severity Score

5.4
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

Microsoft Windows Mobile 6.0 en dispositivos HTC Wiza 200 y HTC MDA 8125 no trata adecuadamente el primer intento de establecer la conexión Bluetooth a un punto con un nombre largo, lo cual permite a atacantes remotos causar denegación de servicio (reinicio de dispositivo) por la configuración de un dispositivo Bluetooth con un nombre hci largo y (1) conexión directamente al sistema Windows Mobile o (2) esperar para escanear dispositivos cercanos del sistema Windows Mobile.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-09-26 CVE Reserved
  • 2008-09-27 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-11-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Windows Mobile
Search vendor "Microsoft" for product "Windows Mobile"
6.0
Search vendor "Microsoft" for product "Windows Mobile" and version "6.0"
-
Affected
in Htc
Search vendor "Htc"
Mda
Search vendor "Htc" for product "Mda"
8125
Search vendor "Htc" for product "Mda" and version "8125"
-
Safe
Microsoft
Search vendor "Microsoft"
Windows Mobile
Search vendor "Microsoft" for product "Windows Mobile"
6.0
Search vendor "Microsoft" for product "Windows Mobile" and version "6.0"
-
Affected
in Htc
Search vendor "Htc"
Wiza
Search vendor "Htc" for product "Wiza"
200
Search vendor "Htc" for product "Wiza" and version "200"
-
Safe