CVE-2008-4295

EPSS 40.75%
Veröffentlicht 27.09.2008 10:30:03
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows Mobile Version6.0

Htc ≫ Mda Version8125
Htc ≫ Wiza Version200

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	40.75%	0.971

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	4.9	6.9	AV:N/AC:H/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/32066

http://www.securityfocus.com/bid/31420

https://exchange.xforce.ibmcloud.com/vulnerabilities/45463

https://www.exploit-db.com/exploits/6582

https://nvd.nist.gov/vuln/detail/CVE-2008-4295

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4295

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4295

EUVD