Vulnerabilites related to microsoft - windows_mobile
Vulnerability from fkie_nvd
Published
2011-06-02 19:55
Modified
2024-11-21 01:27
Severity ?
Summary
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | anyconnect_secure_mobility_client | * | |
| cisco | anyconnect_secure_mobility_client | 2.0 | |
| cisco | anyconnect_secure_mobility_client | 2.1 | |
| cisco | anyconnect_secure_mobility_client | 2.2 | |
| cisco | anyconnect_secure_mobility_client | 2.2.128 | |
| cisco | anyconnect_secure_mobility_client | 2.2.133 | |
| cisco | anyconnect_secure_mobility_client | 2.2.136 | |
| cisco | anyconnect_secure_mobility_client | 2.2.140 | |
| microsoft | windows | * | |
| microsoft | windows_mobile | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29845E2B-0BED-4C8F-8A41-260D6E9ECB1B",
"versionEndIncluding": "2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B522088-2084-491B-98F0-3E3CCD88131F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA179B71-AC81-4587-8FB1-0466B2550975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "210B66BB-4E2C-4D9E-BFBB-69916A42287C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:*:*:*:*:*:*:*",
"matchCriteriaId": "B77EB2C9-BACE-46EA-AA72-FF1C7EB1A5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:*:*:*:*:*:*:*",
"matchCriteriaId": "06527370-E73A-40FF-8E02-E0337536C7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:*:*:*:*:*:*:*",
"matchCriteriaId": "A617295C-F518-4BC7-8442-E476448D8F01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:*:*:*:*:*:*:*",
"matchCriteriaId": "E71A1D6B-8E87-4E3A-A1AE-DE44C2C348F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D553418E-61B6-4BCA-9260-693260A9BB86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n de ayuda en Cisco Secure Mobility AnyConnect Client (anteriormente AnyConnect VPN Client) antes de v2.3.185 para Windows y Windows Mobile, descarga un archivo de cliente ejecutable, sin verificar su autenticidad, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario por suplantaci\u00f3n de identidad del servidor VPN. Error tambi\u00e9n conocido como Bug ID CSCsy00904."
}
],
"id": "CVE-2011-2039",
"lastModified": "2024-11-21T01:27:30.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-02T19:55:04.373",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"
},
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/72714"
},
{
"source": "psirt@cisco.com",
"url": "http://securityreason.com/securityalert/8272"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"
},
{
"source": "psirt@cisco.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/490097"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1025591"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/72714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/490097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-15 22:17
Modified
2024-11-21 00:37
Severity ?
Summary
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | activesync | 4.1 | |
| microsoft | windows_mobile | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:activesync:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17BFED1-CAE1-4A94-AC66-1D41365E050B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "188596B9-7646-4841-B684-B224B48B3F15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user\u0027s PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process."
},
{
"lang": "es",
"value": "Microsoft ActiveSync versi\u00f3n 4.1, como es usado en Windows Mobile versi\u00f3n 5.0, utiliza un cifrado d\u00e9bil (ofuscaci\u00f3n XOR con una clave fija) cuando se env\u00eda el PIN y Contrase\u00f1a del usuario por medio de la conexi\u00f3n USB desde el host hacia el dispositivo, lo que podr\u00eda facilitar a atacantes decodificar un PIN y Contrase\u00f1a obtenida al (1) espiar o (2) falsificar el proceso de acoplamiento."
}
],
"id": "CVE-2007-5460",
"lastModified": "2024-11-21T00:37:56.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2007-10-15T22:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/38499"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://securityreason.com/securityalert/3232"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/482299/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25976"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/38499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://securityreason.com/securityalert/3232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/482299/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37223"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-21 20:30
Modified
2024-11-21 00:59
Severity ?
Summary
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_mobile | 5.0 | |
| microsoft | windows_mobile | 5.0 | |
| microsoft | windows_mobile | 5.0 | |
| microsoft | windows_mobile | 6.0 | |
| microsoft | windows_mobile | 6.0 | |
| microsoft | windows_mobile | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "188596B9-7646-4841-B684-B224B48B3F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:5.0:*:pocket_pc:*:*:*:*:*",
"matchCriteriaId": "923D7E31-E220-41C5-A8CE-2E9B5D1592A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:5.0:*:smartphone:*:*:*:*:*",
"matchCriteriaId": "92EDBE39-3281-4CD0-9D33-1588C5D0A8A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54F2E86B-81CA-45D7-94B4-048F0A01650C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:6.0:*:pro:*:*:*:*:*",
"matchCriteriaId": "CFEFCF17-883B-4BCC-B507-389D1C58F454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:6.0:*:standard:*:*:*:*:*",
"matchCriteriaId": "E8239CB3-919E-4EEE-A694-DED5CCBA1F5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el Servicio OBEX FTP en la pila de Microsoft Bluetooth en Windows Mobile 6 Professional, y probablemente Windows Mobile 5.0 para Pocket PC y 5.0 para Pocket PC Phone Edition, permite a usuarios remotamente autentificados listar directorios de su elecci\u00f3n y crear o leer archivos de su elecci\u00f3n mediante .. (punto punto) en un nombre de ruta. NOTA: esto se puede utilizar para ejecuci\u00f3n de c\u00f3digo escribiendo en una carpeta de Inicio (Startup)."
}
],
"evaluatorImpact": "per: http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html\n\n\"Non vulnerable products: Windows Mobile devices 5.0 and 6 not using Microsoft Bluetooth Stack (for example: ASUS P525, ASUS P535, ... using Widcomm/Broadcom Bluetooth Stack)\"",
"id": "CVE-2009-0244",
"lastModified": "2024-11-21T00:59:25.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-01-21T20:30:00.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/33598"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/securityalert/4938"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/500199/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/33359"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit"
],
"url": "http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/33598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/securityalert/4938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/500199/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/33359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit"
],
"url": "http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48124"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-22 18:30
Modified
2024-11-21 00:33
Severity ?
Summary
ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "188596B9-7646-4841-B684-B224B48B3F15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:htc:hytn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2823AE15-3E2D-49AE-AB78-86D26ECD4B0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ageet:agephone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C963B996-8924-47D5-A569-1036D11C1024",
"versionEndIncluding": "1.61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter."
},
{
"lang": "es",
"value": "ageet AGEphone versiones anteriores a 1.6.2, corriendo en Windows Mobile 5 en dispositivo HTC HyTN Pocket PC, permite a atacantes remotos (1) provocar una denegaci\u00f3n de servicio (interrupci\u00f3n de llamada y cuelgue de dispositivo) mediante un mensaje SIP con cabecera malformada y (2) provocar una denegaci\u00f3n de servicio (interrupci\u00f3n de llamada, indicaci\u00f3n de llamada falsa, y apagado de dispositivo) mediante un menaje SIP con delimitador SDP malformado."
}
],
"id": "CVE-2007-3362",
"lastModified": "2024-11-21T00:33:02.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-22T18:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37729"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25781"
},
{
"source": "cve@mitre.org",
"url": "http://www.ageet.com/us/agephone/help/index.htm#vers"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24540"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24543"
},
{
"source": "cve@mitre.org",
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=214\u0026"
},
{
"source": "cve@mitre.org",
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=215\u0026"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ageet.com/us/agephone/help/index.htm#vers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=214\u0026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=215\u0026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35067"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-13 20:00
Modified
2024-11-21 00:51
Severity ?
Summary
Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| htc | hermes | * | |
| microsoft | windows_mobile | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:htc:hermes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E94943F8-4522-4ADC-8B97-10506F70EFA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54F2E86B-81CA-45D7-94B4-048F0A01650C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access."
},
{
"lang": "es",
"value": "Windows Mobile 6 en dispositivos HTC Hermes deja activado el mecanismo de auto-completado de las contrase\u00f1as de la WLAN, lo cual permite a atacantes f\u00edsicamente pr\u00f3ximos al dispositivo evitar la autenticaci\u00f3n de la contrase\u00f1a y obtener acceso a la WLAN."
}
],
"id": "CVE-2008-4540",
"lastModified": "2024-11-21T00:51:55.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-13T20:00:02.293",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4402"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/497151/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/497151/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45857"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-02 20:55
Modified
2024-11-21 01:27
Severity ?
Summary
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | anyconnect_secure_mobility_client | * | |
| cisco | anyconnect_secure_mobility_client | 2.0 | |
| cisco | anyconnect_secure_mobility_client | 2.1 | |
| cisco | anyconnect_secure_mobility_client | 2.2 | |
| cisco | anyconnect_secure_mobility_client | 2.2.128 | |
| cisco | anyconnect_secure_mobility_client | 2.2.133 | |
| cisco | anyconnect_secure_mobility_client | 2.2.136 | |
| cisco | anyconnect_secure_mobility_client | 2.2.140 | |
| cisco | anyconnect_secure_mobility_client | 2.3 | |
| cisco | anyconnect_secure_mobility_client | 2.3.185 | |
| microsoft | windows | * | |
| microsoft | windows_mobile | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E277CA-0339-4883-B846-1996DBB3ECB8",
"versionEndIncluding": "2.3.2016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B522088-2084-491B-98F0-3E3CCD88131F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA179B71-AC81-4587-8FB1-0466B2550975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "210B66BB-4E2C-4D9E-BFBB-69916A42287C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:*:*:*:*:*:*:*",
"matchCriteriaId": "B77EB2C9-BACE-46EA-AA72-FF1C7EB1A5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:*:*:*:*:*:*:*",
"matchCriteriaId": "06527370-E73A-40FF-8E02-E0337536C7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:*:*:*:*:*:*:*",
"matchCriteriaId": "A617295C-F518-4BC7-8442-E476448D8F01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:*:*:*:*:*:*:*",
"matchCriteriaId": "E71A1D6B-8E87-4E3A-A1AE-DE44C2C348F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AD6158-17AB-443D-8EC1-5FDE5852CAEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.185:*:*:*:*:*:*:*",
"matchCriteriaId": "0BBF395D-9E90-44C1-8E99-3631FFF24487",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D553418E-61B6-4BCA-9260-693260A9BB86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556."
},
{
"lang": "es",
"value": "La funcionalidad de comienzo Antes de inicio de sesi\u00f3n (SBL) en Cisco Secure Mobility AnyConnect Client (anteriormente AnyConnect VPN Client) antes de v2.3.254 en Windows, y Windows Mobile, permite a usuarios locales conseguir privilegios a trav\u00e9s de una interacci\u00f3n no especificada con la interfaz de usuario. Error tambi\u00e9n conocido como Bug ID CSCta40556."
}
],
"id": "CVE-2011-2041",
"lastModified": "2024-11-21T01:27:30.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-02T20:55:03.543",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/72716"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/48077"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1025591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/72716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025591"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-27 10:30
Modified
2024-11-21 00:51
Severity ?
Summary
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54F2E86B-81CA-45D7-94B4-048F0A01650C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:htc:mda:8125:*:*:*:*:*:*:*",
"matchCriteriaId": "2B038B84-F19A-4235-94B0-0604A6AC9BD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:htc:wiza:200:*:*:*:*:*:*:*",
"matchCriteriaId": "76A4A26F-4944-4802-B0E1-A87B67AEE4D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."
},
{
"lang": "es",
"value": "Microsoft Windows Mobile 6.0 en dispositivos HTC Wiza 200 y HTC MDA 8125 no trata adecuadamente el primer intento de establecer la conexi\u00f3n Bluetooth a un punto con un nombre largo, lo cual permite a atacantes remotos causar denegaci\u00f3n de servicio (reinicio de dispositivo) por la configuraci\u00f3n de un dispositivo Bluetooth con un nombre hci largo y (1) conexi\u00f3n directamente al sistema Windows Mobile o (2) esperar para escanear dispositivos cercanos del sistema Windows Mobile."
}
],
"id": "CVE-2008-4295",
"lastModified": "2024-11-21T00:51:19.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-27T10:30:03.600",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32066"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31420"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6582"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-27 00:30
Modified
2024-11-21 00:33
Severity ?
Summary
Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_mobile | 2003 | |
| sj_labs | sjphone | 1.60.303c | |
| securecomputing | sch_i730_phone | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "0793F3D0-B1E8-474F-A2E5-5B4BBE7E9B05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sj_labs:sjphone:1.60.303c:*:*:*:*:*:*:*",
"matchCriteriaId": "2A007CC4-DA6B-4A9B-B959-AEBE7BECB935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sch_i730_phone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34D42AAF-BBFA-4E4D-AFF4-ECB283FEFC08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en SJ Labs SJphone 1.60.303c, al ejecutarse bajo Windows Mobile 2003 en el tel\u00e9fono Samsung SCH-i730, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue del dispositivo y terminaci\u00f3n de la llamada) mediante mensajes SIP INVITE mal formados, una vulnerabilidad diferente de CVE-2007-3351."
}
],
"id": "CVE-2007-3445",
"lastModified": "2024-11-21T00:33:15.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-27T00:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/45404"
},
{
"source": "cve@mitre.org",
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=216\u0026"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/45404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=216\u0026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-03 01:28
Modified
2024-11-21 00:26
Severity ?
Summary
Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_mobile | * | |
| microsoft | windows_mobile | 5.0 | |
| microsoft | windows_mobile | 2003 | |
| microsoft | windows_mobile | 2003_se |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D553418E-61B6-4BCA-9260-693260A9BB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "188596B9-7646-4841-B684-B224B48B3F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "0793F3D0-B1E8-474F-A2E5-5B4BBE7E9B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:2003_se:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF35745-6A84-49B2-9E30-E78F699F3219",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file."
},
{
"lang": "es",
"value": "Im\u00e1genes y Videos en el Windows Mobile 5.0 y Windows Mobile 2003 y 2003SE para Smartphones y PocketPC permite a atacantes remotos con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (cuelgue del dispositivo) mediante un fichero JPEG mal formado."
}
],
"id": "CVE-2007-0674",
"lastModified": "2024-11-21T00:26:27.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-02-03T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36148"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22343"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0434"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32002"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2024-11-21 00:23
Severity ?
Summary
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | widcomm_bluetooth | 1.4.1.03 | |
| broadcom | widcomm_bluetooth | * | |
| broadcom | widcomm_bluetooth | 1.3.2.7 | |
| broadcom | widcomm_bluetooth | 1.4.2.10 | |
| microsoft | windows_embedded_compact | * | |
| microsoft | windows_mobile | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:widcomm_bluetooth:1.4.1.03:*:windows:*:*:*:*:*",
"matchCriteriaId": "21324BCD-F525-4DD8-8860-C6744F0A6EA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:widcomm_bluetooth:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "292A0E2F-5536-4C73-9B6C-02074F06A490",
"versionEndIncluding": "3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:widcomm_bluetooth:1.3.2.7:*:windows:*:*:*:*:*",
"matchCriteriaId": "4028E5BC-625E-448E-9C9D-98DB70E647CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:widcomm_bluetooth:1.4.2.10:*:windows:*:*:*:*:*",
"matchCriteriaId": "A86B6AC9-D1C8-4D8B-B744-B041BD255089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_embedded_compact:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4C5281-4CF0-4BCE-BF7D-391149F38E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D553418E-61B6-4BCA-9260-693260A9BB86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la el Servidor COM de Pila Bluetooth de la pila Bluetooth Widcomm, empaquetada en Pila Widcomm 3.x y anteriores en Windows, Widcomm BTStackServer 1.4.2.10 y 1.3.2.7 en Windows, Widcomm Bluetooth Communication Software 1.4.1.03 en Windows, y la implementaci\u00f3n de Bluetooth en Windows Mobile o Windows CE en las HP IPAQ 2215 y 5450, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2006-6908",
"lastModified": "2024-11-21T00:23:56.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37587"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-22 18:30
Modified
2024-11-21 00:33
Severity ?
Summary
The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "0793F3D0-B1E8-474F-A2E5-5B4BBE7E9B05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:axim_x3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3BA8CB-4FED-4021-A7CE-5F9F6DC0B42E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sj_labs:sjphone:1.60.303c:*:*:*:*:*:*:*",
"matchCriteriaId": "2A007CC4-DA6B-4A9B-B959-AEBE7BECB935",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets."
},
{
"lang": "es",
"value": "El software de tel\u00e9fono SJPhone SIP 1.60.303c, cuando se instala en Dell Axim X3 ejecutando Windows Mobile 2003, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue de dispositivo y amplificaci\u00f3n de tr\u00e1fico) mediante una transacci\u00f3n INVITE manipulada, que provoca que el tel\u00e9fono transmita muchos paquetes RTP."
}
],
"id": "CVE-2007-3351",
"lastModified": "2024-11-21T00:33:01.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-22T18:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24549"
},
{
"source": "cve@mitre.org",
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=217\u0026"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=217\u0026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35078"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-03 01:28
Modified
2024-11-21 00:26
Severity ?
Summary
Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_mobile | * | |
| microsoft | windows_mobile | 5.0 | |
| microsoft | windows_mobile | 2003 | |
| microsoft | windows_mobile | 2003_se |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D553418E-61B6-4BCA-9260-693260A9BB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "188596B9-7646-4841-B684-B224B48B3F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "0793F3D0-B1E8-474F-A2E5-5B4BBE7E9B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:2003_se:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF35745-6A84-49B2-9E30-E78F699F3219",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow."
},
{
"lang": "es",
"value": "Internet Explorer en Windows Mobile 5.0 y Windows Mobile 2003 y 2003SE para Smartphones y PocketPC permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n e inestabilidad de dispositivo) mediante vectores desconocidos, posiblemente referido a desbordamiento de b\u00fafer."
}
],
"id": "CVE-2007-0685",
"lastModified": "2024-11-21T00:26:29.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-02-03T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36149"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22343"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0434"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32001"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-12 20:28
Modified
2024-11-21 00:26
Severity ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_mobile | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "188596B9-7646-4841-B684-B224B48B3F15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an \"overflow state.\" NOTE: it is possible that this issue is related to CVE-2007-0685."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Microsoft Internet Explorer en Windows Mobile 5.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida del navegador y otras funcionalidades del dispositivo) mediante una p\u00e1gina WML mal formada, relacionado con un \"estado de desbordamiento\". NOTA: es posible que este problema est\u00e9 relacionado con CVE-2007-0685."
}
],
"id": "CVE-2007-0878",
"lastModified": "2024-11-21T00:26:57.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-12T20:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052293.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/32629"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/459571/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/459584/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/459591/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22500"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052293.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/32629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/459571/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/459584/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/459591/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32394"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-18 00:17
Modified
2024-11-21 00:38
Severity ?
Summary
The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_mobile | 2005 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_mobile:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "DF197B41-BEB1-46F3-880C-2081487A8101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded."
},
{
"lang": "es",
"value": "El manejador SMS para Windows Mobile 2005 Pocket PC Phone edition permite a atacantes remotos esconder el campo remitente (sender) en un mensaje SMS mediante un mensaje WAP PUSH mal formado que provoca que la PDU sea decodificada incorrectamente."
}
],
"id": "CVE-2007-5493",
"lastModified": "2024-11-21T00:38:01.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-18T00:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/45517"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018832"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/482446/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26091"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-011.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/45517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/482446/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-011.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37249"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2007-5493
Vulnerability from cvelistv5
Published
2007-10-18 00:00
Modified
2024-08-07 15:31
Severity ?
EPSS score ?
Summary
The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37249 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/45517 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/26091 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-011.txt | x_refsource_MISC | |
| http://securitytracker.com/id?1018832 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/482446/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:59.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "win-mobile-sms-obfuscation(37249)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37249"
},
{
"name": "45517",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45517"
},
{
"name": "26091",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26091"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-011.txt"
},
{
"name": "1018832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018832"
},
{
"name": "20071017 SYMSA-2007-011: Microsoft WM5 PocketPC Phone Ed SMS Handler Issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482446/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "win-mobile-sms-obfuscation(37249)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37249"
},
{
"name": "45517",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45517"
},
{
"name": "26091",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26091"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-011.txt"
},
{
"name": "1018832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018832"
},
{
"name": "20071017 SYMSA-2007-011: Microsoft WM5 PocketPC Phone Ed SMS Handler Issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482446/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "win-mobile-sms-obfuscation(37249)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37249"
},
{
"name": "45517",
"refsource": "OSVDB",
"url": "http://osvdb.org/45517"
},
{
"name": "26091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26091"
},
{
"name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-011.txt",
"refsource": "MISC",
"url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-011.txt"
},
{
"name": "1018832",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018832"
},
{
"name": "20071017 SYMSA-2007-011: Microsoft WM5 PocketPC Phone Ed SMS Handler Issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482446/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5493",
"datePublished": "2007-10-18T00:00:00",
"dateReserved": "2007-10-17T00:00:00",
"dateUpdated": "2024-08-07T15:31:59.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0878
Vulnerability from cvelistv5
Published
2007-02-12 20:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052293.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/archive/1/459584/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/459591/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/22500 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/459571/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/32629 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32394 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052293.html"
},
{
"name": "20070209 Re: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459584/100/0/threaded"
},
{
"name": "20070209 RE: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459591/100/0/threaded"
},
{
"name": "22500",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22500"
},
{
"name": "20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459571/100/0/threaded"
},
{
"name": "32629",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32629"
},
{
"name": "ie-mobile-wml-dos(32394)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an \"overflow state.\" NOTE: it is possible that this issue is related to CVE-2007-0685."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052293.html"
},
{
"name": "20070209 Re: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459584/100/0/threaded"
},
{
"name": "20070209 RE: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459591/100/0/threaded"
},
{
"name": "22500",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22500"
},
{
"name": "20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459571/100/0/threaded"
},
{
"name": "32629",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32629"
},
{
"name": "ie-mobile-wml-dos(32394)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32394"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an \"overflow state.\" NOTE: it is possible that this issue is related to CVE-2007-0685."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052293.html"
},
{
"name": "20070209 Re: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459584/100/0/threaded"
},
{
"name": "20070209 RE: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459591/100/0/threaded"
},
{
"name": "22500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22500"
},
{
"name": "20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459571/100/0/threaded"
},
{
"name": "32629",
"refsource": "OSVDB",
"url": "http://osvdb.org/32629"
},
{
"name": "ie-mobile-wml-dos(32394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32394"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0878",
"datePublished": "2007-02-12T20:00:00",
"dateReserved": "2007-02-12T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3351
Vulnerability from cvelistv5
Published
2007-06-22 18:00
Modified
2024-08-07 14:14
Severity ?
EPSS score ?
Summary
The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=217& | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35078 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/24549 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=217\u0026"
},
{
"name": "sjphone-sip-rtp-dos(35078)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35078"
},
{
"name": "24549",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=217\u0026"
},
{
"name": "sjphone-sip-rtp-dos(35078)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35078"
},
{
"name": "24549",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=217\u0026",
"refsource": "MISC",
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=217\u0026"
},
{
"name": "sjphone-sip-rtp-dos(35078)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35078"
},
{
"name": "24549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3351",
"datePublished": "2007-06-22T18:00:00",
"dateReserved": "2007-06-22T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0685
Vulnerability from cvelistv5
Published
2007-02-03 01:00
Modified
2024-08-07 12:26
Severity ?
EPSS score ?
Summary
Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/36149 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32001 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2007/0434 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/22343 | vdb-entry, x_refsource_BID | |
| http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36149",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36149"
},
{
"name": "ie-mobile-unspecified-dos(32001)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32001"
},
{
"name": "ADV-2007-0434",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0434"
},
{
"name": "22343",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22343"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36149",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36149"
},
{
"name": "ie-mobile-unspecified-dos(32001)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32001"
},
{
"name": "ADV-2007-0434",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0434"
},
{
"name": "22343",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22343"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36149",
"refsource": "OSVDB",
"url": "http://osvdb.org/36149"
},
{
"name": "ie-mobile-unspecified-dos(32001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32001"
},
{
"name": "ADV-2007-0434",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0434"
},
{
"name": "22343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22343"
},
{
"name": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/",
"refsource": "MISC",
"url": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0685",
"datePublished": "2007-02-03T01:00:00",
"dateReserved": "2007-02-02T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2041
Vulnerability from cvelistv5
Published
2011-06-02 20:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml | vendor-advisory, x_refsource_CISCO | |
| http://osvdb.org/72716 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1025591 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/48077 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"
},
{
"name": "72716",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/72716"
},
{
"name": "1025591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025591"
},
{
"name": "48077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-11T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"
},
{
"name": "72716",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/72716"
},
{
"name": "1025591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025591"
},
{
"name": "48077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-2041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"
},
{
"name": "72716",
"refsource": "OSVDB",
"url": "http://osvdb.org/72716"
},
{
"name": "1025591",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025591"
},
{
"name": "48077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-2041",
"datePublished": "2011-06-02T20:00:00",
"dateReserved": "2011-05-10T00:00:00",
"dateUpdated": "2024-08-06T22:46:00.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4295
Vulnerability from cvelistv5
Published
2008-09-27 00:00
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45463 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/32066 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/31420 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/6582 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:35.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "windowsmobile-bluetooth-dos(45463)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"
},
{
"name": "32066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32066"
},
{
"name": "31420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31420"
},
{
"name": "6582",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "windowsmobile-bluetooth-dos(45463)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"
},
{
"name": "32066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32066"
},
{
"name": "31420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31420"
},
{
"name": "6582",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6582"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "windowsmobile-bluetooth-dos(45463)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"
},
{
"name": "32066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32066"
},
{
"name": "31420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31420"
},
{
"name": "6582",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6582"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4295",
"datePublished": "2008-09-27T00:00:00",
"dateReserved": "2008-09-26T00:00:00",
"dateUpdated": "2024-08-07T10:08:35.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5460
Vulnerability from cvelistv5
Published
2007-10-15 22:00
Modified
2024-08-07 15:31
Severity ?
EPSS score ?
Summary
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/38499 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/25976 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37223 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/482299/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/3232 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38499",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38499"
},
{
"name": "25976",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25976"
},
{
"name": "microsoft-activesync-weak-encryption(37223)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37223"
},
{
"name": "20071015 SYMSA-2007-010: Microsoft ActiveSync 4.x Weak Password Obfuscation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482299/100/0/threaded"
},
{
"name": "3232",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user\u0027s PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38499",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38499"
},
{
"name": "25976",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25976"
},
{
"name": "microsoft-activesync-weak-encryption(37223)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37223"
},
{
"name": "20071015 SYMSA-2007-010: Microsoft ActiveSync 4.x Weak Password Obfuscation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482299/100/0/threaded"
},
{
"name": "3232",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user\u0027s PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38499",
"refsource": "OSVDB",
"url": "http://osvdb.org/38499"
},
{
"name": "25976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25976"
},
{
"name": "microsoft-activesync-weak-encryption(37223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37223"
},
{
"name": "20071015 SYMSA-2007-010: Microsoft ActiveSync 4.x Weak Password Obfuscation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482299/100/0/threaded"
},
{
"name": "3232",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5460",
"datePublished": "2007-10-15T22:00:00",
"dateReserved": "2007-10-15T00:00:00",
"dateUpdated": "2024-08-07T15:31:58.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0244
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 04:24
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33598 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/500199/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/4938 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/33359 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48124 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33598",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33598"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html"
},
{
"name": "20090119 Microsoft Bluetooth Stack OBEX Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500199/100/0/threaded"
},
{
"name": "4938",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4938"
},
{
"name": "33359",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33359"
},
{
"name": "winmobile-obexftp-directory-traversal(48124)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33598",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33598"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html"
},
{
"name": "20090119 Microsoft Bluetooth Stack OBEX Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500199/100/0/threaded"
},
{
"name": "4938",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4938"
},
{
"name": "33359",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33359"
},
{
"name": "winmobile-obexftp-directory-traversal(48124)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48124"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33598",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33598"
},
{
"name": "http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html"
},
{
"name": "20090119 Microsoft Bluetooth Stack OBEX Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500199/100/0/threaded"
},
{
"name": "4938",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4938"
},
{
"name": "33359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33359"
},
{
"name": "winmobile-obexftp-directory-traversal(48124)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48124"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0244",
"datePublished": "2009-01-21T20:00:00",
"dateReserved": "2009-01-21T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3445
Vulnerability from cvelistv5
Published
2007-06-27 00:00
Modified
2024-08-07 14:14
Severity ?
EPSS score ?
Summary
Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/45404 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35076 | vdb-entry, x_refsource_XF | |
| http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=216& | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:13.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45404",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45404"
},
{
"name": "sjphone-sip-invite-dos(35076)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35076"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=216\u0026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45404",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45404"
},
{
"name": "sjphone-sip-invite-dos(35076)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35076"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=216\u0026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45404",
"refsource": "OSVDB",
"url": "http://osvdb.org/45404"
},
{
"name": "sjphone-sip-invite-dos(35076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35076"
},
{
"name": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=216\u0026",
"refsource": "MISC",
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=216\u0026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3445",
"datePublished": "2007-06-27T00:00:00",
"dateReserved": "2007-06-26T00:00:00",
"dateUpdated": "2024-08-07T14:14:13.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0674
Vulnerability from cvelistv5
Published
2007-02-03 01:00
Modified
2024-08-07 12:26
Severity ?
EPSS score ?
Summary
Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32002 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2007/0434 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/22343 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/36148 | vdb-entry, x_refsource_OSVDB | |
| http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "picturesvideos-jpeg-dos(32002)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32002"
},
{
"name": "ADV-2007-0434",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0434"
},
{
"name": "22343",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22343"
},
{
"name": "36148",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "picturesvideos-jpeg-dos(32002)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32002"
},
{
"name": "ADV-2007-0434",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0434"
},
{
"name": "22343",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22343"
},
{
"name": "36148",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "picturesvideos-jpeg-dos(32002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32002"
},
{
"name": "ADV-2007-0434",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0434"
},
{
"name": "22343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22343"
},
{
"name": "36148",
"refsource": "OSVDB",
"url": "http://osvdb.org/36148"
},
{
"name": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/",
"refsource": "MISC",
"url": "http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0674",
"datePublished": "2007-02-03T01:00:00",
"dateReserved": "2007-02-02T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4540
Vulnerability from cvelistv5
Published
2008-10-13 18:00
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/4402 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45857 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/497151/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4402",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4402"
},
{
"name": "windowsmobile-hermes-security-bypass(45857)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45857"
},
{
"name": "20081008 Windows Mobile 6 insecure password handling and too short WLAN-password",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497151/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4402",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4402"
},
{
"name": "windowsmobile-hermes-security-bypass(45857)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45857"
},
{
"name": "20081008 Windows Mobile 6 insecure password handling and too short WLAN-password",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497151/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4402",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4402"
},
{
"name": "windowsmobile-hermes-security-bypass(45857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45857"
},
{
"name": "20081008 Windows Mobile 6 insecure password handling and too short WLAN-password",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497151/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4540",
"datePublished": "2008-10-13T18:00:00",
"dateReserved": "2008-10-13T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3362
Vulnerability from cvelistv5
Published
2007-06-22 18:00
Modified
2024-08-07 14:14
Severity ?
EPSS score ?
Summary
ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35067 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/24540 | vdb-entry, x_refsource_BID | |
| http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=215& | x_refsource_MISC | |
| http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=214& | x_refsource_MISC | |
| http://secunia.com/advisories/25781 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ageet.com/us/agephone/help/index.htm#vers | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/24543 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/37729 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "agephone-sip-message-dos(35067)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35067"
},
{
"name": "24540",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24540"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=215\u0026"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=214\u0026"
},
{
"name": "25781",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25781"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ageet.com/us/agephone/help/index.htm#vers"
},
{
"name": "24543",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24543"
},
{
"name": "37729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "agephone-sip-message-dos(35067)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35067"
},
{
"name": "24540",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24540"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=215\u0026"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=214\u0026"
},
{
"name": "25781",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25781"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ageet.com/us/agephone/help/index.htm#vers"
},
{
"name": "24543",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24543"
},
{
"name": "37729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "agephone-sip-message-dos(35067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35067"
},
{
"name": "24540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24540"
},
{
"name": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=215\u0026",
"refsource": "MISC",
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=215\u0026"
},
{
"name": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=214\u0026",
"refsource": "MISC",
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=214\u0026"
},
{
"name": "25781",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25781"
},
{
"name": "http://www.ageet.com/us/agephone/help/index.htm#vers",
"refsource": "CONFIRM",
"url": "http://www.ageet.com/us/agephone/help/index.htm#vers"
},
{
"name": "24543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24543"
},
{
"name": "37729",
"refsource": "OSVDB",
"url": "http://osvdb.org/37729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3362",
"datePublished": "2007-06-22T18:00:00",
"dateReserved": "2007-06-22T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6908
Vulnerability from cvelistv5
Published
2007-01-08 20:00
Modified
2024-08-07 20:42
Severity ?
EPSS score ?
Summary
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/455889/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/37587 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "37587",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37587"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "37587",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37587"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "37587",
"refsource": "OSVDB",
"url": "http://osvdb.org/37587"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6908",
"datePublished": "2007-01-08T20:00:00",
"dateReserved": "2007-01-08T00:00:00",
"dateUpdated": "2024-08-07T20:42:07.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2039
Vulnerability from cvelistv5
Published
2011-06-02 19:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/72714 | vdb-entry, x_refsource_OSVDB | |
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml | vendor-advisory, x_refsource_CISCO | |
| http://securityreason.com/securityalert/8272 | third-party-advisory, x_refsource_SREASON | |
| http://www.securitytracker.com/id?1025591 | vdb-entry, x_refsource_SECTRACK | |
| http://www.kb.cert.org/vuls/id/490097 | third-party-advisory, x_refsource_CERT-VN | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909 | third-party-advisory, x_refsource_IDEFENSE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/67739 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "72714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/72714"
},
{
"name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"
},
{
"name": "8272",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8272"
},
{
"name": "1025591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025591"
},
{
"name": "VU#490097",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/490097"
},
{
"name": "20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"
},
{
"name": "cisco-asmc-helper-code-execution(67739)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "72714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/72714"
},
{
"name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"
},
{
"name": "8272",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8272"
},
{
"name": "1025591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025591"
},
{
"name": "VU#490097",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/490097"
},
{
"name": "20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"
},
{
"name": "cisco-asmc-helper-code-execution(67739)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-2039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72714",
"refsource": "OSVDB",
"url": "http://osvdb.org/72714"
},
{
"name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"
},
{
"name": "8272",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8272"
},
{
"name": "1025591",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025591"
},
{
"name": "VU#490097",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/490097"
},
{
"name": "20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"
},
{
"name": "cisco-asmc-helper-code-execution(67739)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-2039",
"datePublished": "2011-06-02T19:00:00",
"dateReserved": "2011-05-10T00:00:00",
"dateUpdated": "2024-08-06T22:46:00.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}