ID

VAR-200901-0408


CVE

CVE-2009-0244


TITLE

Directory traversal vulnerability in the OBEX FTP service of the Microsoft Bluetooth stack running on Windows Mobile 6 Professional, and in Windows Mobile 5.0 for Pocket PC and Pocket PC Phone Edition 5.0

Trust: 0.8

sources: JVNDB: JVNDB-2009-001695

DESCRIPTION

Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.

The HTC OBEX FTP service is prone to a directory-traversal vulnerability. Exploiting this issue allows an attacker to write arbitrary files to locations outside the application's current directory, download arbitrary files, and obtain sensitive information. Other attacks may also be possible. The issue affects HTC devices running the OBEX FTP service on Windows Mobile 6.0 and 6.1.

Secunia advisory:

TITLE: Microsoft Windows Mobile Bluetooth Stack OBEX Directory Traversal
SECUNIA ADVISORY ID: SA33598
VERIFY ADVISORY: http://secunia.com/advisories/33598/
CRITICAL: Less critical
IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information
WHERE: From remote
OPERATING SYSTEM: Microsoft Windows Mobile 6.x
http://secunia.com/advisories/product/14717/
DESCRIPTION: Alberto Moreno Tablado has reported a vulnerability in Microsoft Windows Mobile, which can be exploited by malicious users to disclose sensitive information and bypass certain security restrictions. Successful exploitation requires OBEX read or write access.
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Alberto Moreno Tablado
ORIGINAL ADVISORY: http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html

Trust: 1.98

sources: NVD: CVE-2009-0244 // JVNDB: JVNDB-2009-001695 // BID: 33359 // PACKETSTORM: 74345
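Worked example (added here; this is not code from the advisory, Microsoft, or HTC). An OBEX FTP server stores each received object under a share folder using the client-supplied Name header. The block builds a minimal OBEX PUT request, extracts the Name header the way a server would, and contrasts the naive path join that produces the CWE-22 behaviour the record describes (".." components walk out of the share) with a hardened resolver that confines every name to the share root. The share root, the sample names, and the Startup folder path are assumptions for illustration, not values taken from the advisory.

```python
"""
Added example; not code from the advisory, Microsoft, or HTC.

Builds an OBEX PUT with a Name header, parses the name back out, and shows a
naive (vulnerable) path join beside a confined (hardened) one. The share
root, sample names and Startup folder path below are assumed, not from the
advisory.
"""
import posixpath
import struct

OBEX_PUT_FINAL = 0x82   # PUT opcode with the final bit set
HDR_NAME = 0x01         # Name header: 2-byte length, UTF-16BE text, NUL-terminated

# Assumed share folder; Windows CE uses backslashes, normalised to '/' internally.
SHARE_ROOT = "/My Documents/Bluetooth"


def build_put(name):
    """Construct an OBEX PUT packet carrying only a Name header (sample input)."""
    text = name.encode("utf-16-be") + b"\x00\x00"
    header = struct.pack(">BH", HDR_NAME, 3 + len(text)) + text
    return struct.pack(">BH", OBEX_PUT_FINAL, 3 + len(header)) + header


def parse_name(packet):
    """Walk the OBEX headers of a request and return the Name header text."""
    opcode, total = struct.unpack(">BH", packet[:3])
    if total != len(packet):
        raise ValueError("OBEX packet length field does not match packet size")
    pos = 3
    while pos < total:
        hid = packet[pos]
        kind = hid >> 6                      # top two bits select the encoding
        if kind in (0, 1):                   # unicode text / byte sequence
            hlen = struct.unpack(">H", packet[pos + 1:pos + 3])[0]
            if hlen < 3 or pos + hlen > total:
                raise ValueError("malformed OBEX header length")
            if hid == HDR_NAME:
                return packet[pos + 3:pos + hlen].decode("utf-16-be").rstrip("\x00")
            pos += hlen
        elif kind == 2:                      # one-byte value
            pos += 2
        else:                                # four-byte value
            pos += 5
    raise ValueError("request carries no Name header")


def naive_resolve(root, name):
    """Vulnerable: the client name is trusted, so '..' escapes the share."""
    return posixpath.normpath(root + "/" + name.replace("\\", "/"))


def safe_resolve(root, name):
    """Hardened: refuse absolute names and any result outside the share root."""
    unified = name.replace("\\", "/")
    if unified.startswith("/"):
        raise PermissionError("absolute path rejected: %r" % name)
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, unified))
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        raise PermissionError("path escapes share root: %r" % name)
    return candidate


def is_confined(root, name):
    """True when safe_resolve accepts the name, False when it rejects it."""
    try:
        safe_resolve(root, name)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed samples: a benign upload and a traversal aimed at a Startup folder.
    for sample in ("photo.jpg", "..\\..\\Windows\\StartUp\\evil.exe"):
        name = parse_name(build_put(sample))
        print("%-36r naive=%-30s confined=%s"
              % (name, naive_resolve(SHARE_ROOT, name), is_confined(SHARE_ROOT, name)))
```

The check normalises the joined path first and only then compares it against the share root, so a name that walks down and back up ("sub/../../x") is caught the same way as a plain "..\..". Windows CE paths are case-insensitive and tolerate trailing dots and spaces; a production resolver would canonicalise those too before the comparison.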

AFFECTED PRODUCTS

vendor: microsoft, model: windows mobile, scope: eq, version: 5.0

Trust: 1.6

vendor: microsoft, model: windows mobile, scope: eq, version: 6.0

Trust: 1.6

vendor: Microsoft, model: microsoft windows mobile, scope: eq, version: -

Trust: 0.8

vendor: Microsoft, model: microsoft windows mobile, scope: eq, version: 6.0

Trust: 0.8

vendor: Microsoft, model: microsoft windows mobile, scope: eq, version: 5.0

Trust: 0.8

vendor: htc, model: touch viva, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: touch pro, scope: eq, version: 2

Trust: 0.3

vendor: htc, model: touch pro, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: touch hd, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: touch find, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: touch dual, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: touch diamond, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: touch cruise, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: touch, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: s740, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: s730, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: s710, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: p6500, scope: eq, version: 0

Trust: 0.3

vendor: htc, model: advantage, scope: eq, version: x75100

Trust: 0.3

sources: BID: 33359 // JVNDB: JVNDB-2009-001695 // CNNVD: CNNVD-200901-273 // NVD: CVE-2009-0244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0244
value: HIGH

Trust: 1.0

NVD: CVE-2009-0244
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200901-273
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2009-0244
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2009-0244
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2009-0244
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2009-001695 // CNNVD: CNNVD-200901-273 // NVD: CVE-2009-0244

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2009-001695 // NVD: CVE-2009-0244

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200901-273

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200901-273

PATCH

title: Top Page, url: http://www.microsoft.com/ja/jp/default.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2009-001695

EXTERNAL IDS

db: NVD, id: CVE-2009-0244

Trust: 3.5

db: BID, id: 33359

Trust: 1.9

db: SECUNIA, id: 33598

Trust: 1.7

db: SREASON, id: 4938

Trust: 1.6

db: JVNDB, id: JVNDB-2009-001695

Trust: 0.8

db: BUGTRAQ, id: 20090119 MICROSOFT BLUETOOTH STACK OBEX DIRECTORY TRAVERSAL

Trust: 0.6

db: XF, id: 48124

Trust: 0.6

db: CNNVD, id: CNNVD-200901-273

Trust: 0.6

db: PACKETSTORM, id: 74345

Trust: 0.1

sources: BID: 33359 // JVNDB: JVNDB-2009-001695 // PACKETSTORM: 74345 // CNNVD: CNNVD-200901-273 // NVD: CVE-2009-0244

REFERENCES

url:http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/microsoft-bluetooth-stack-directory-traversal.html

Trust: 1.7

url:http://www.securityfocus.com/bid/33359

Trust: 1.6

url:http://securityreason.com/securityalert/4938

Trust: 1.6

url:http://secunia.com/advisories/33598

Trust: 1.6

url:http://www.securityfocus.com/archive/1/500199/100/0/threaded

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/48124

Trust: 1.0

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0244

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/48124

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/500199/100/0/threaded

Trust: 0.6

url:http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/htc-windows-mobile-obex-ftp-service-directory-traversal.html

Trust: 0.3

url:/archive/1/504820

Trust: 0.3

url:/archive/1/500199

Trust: 0.3

url:http://www.htc.com/europe/supportdownload.aspx?p_id=133&cat=0&dl_id=609

Trust: 0.3

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/advisories/33598/

Trust: 0.1

url:http://secunia.com/advisories/product/14717/

Trust: 0.1

sources: BID: 33359 // JVNDB: JVNDB-2009-001695 // PACKETSTORM: 74345 // CNNVD: CNNVD-200901-273 // NVD: CVE-2009-0244

CREDITS

Alberto Moreno Tablado

Trust: 0.9

sources: BID: 33359 // CNNVD: CNNVD-200901-273

SOURCES

db: BID, id: 33359
db: JVNDB, id: JVNDB-2009-001695
db: PACKETSTORM, id: 74345
db: CNNVD, id: CNNVD-200901-273
db: NVD, id: CVE-2009-0244

LAST UPDATE DATE

2025-04-10T23:17:56.020000+00:00


SOURCES UPDATE DATE

db: BID, id: 33359, date: 2011-07-28T11:50:00
db: JVNDB, id: JVNDB-2009-001695, date: 2024-02-22T07:08:00
db: CNNVD, id: CNNVD-200901-273, date: 2009-02-05T00:00:00
db: NVD, id: CVE-2009-0244, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: BID, id: 33359, date: 2009-01-20T00:00:00
db: JVNDB, id: JVNDB-2009-001695, date: 2009-07-08T00:00:00
db: PACKETSTORM, id: 74345, date: 2009-01-27T15:24:52
db: CNNVD, id: CNNVD-200901-273, date: 2009-01-21T00:00:00
db: NVD, id: CVE-2009-0244, date: 2009-01-21T20:30:00.453