Описание
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Ссылки
- Broken Link
- Exploit
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkExploit
- Third Party AdvisoryVDB Entry
- Broken Link
- Exploit
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkExploit
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
8.5 High
CVSS2
Дефекты
Связанные уязвимости
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.
EPSS
8.8 High
CVSS3
8.5 High
CVSS2