CVE-2008-4295 - Vulnerability Details - OpenCVE

Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.53782.

Key SSVC decision points have not yet been added.

Vendors	Products
Htc Subscribe	Mda Subscribe Wiza Subscribe
Microsoft Subscribe	Windows Mobile Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:htc:mda:8125:::::::*
	cpe:2.3:h:htc:wiza:200:::::::*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/32066
http://www.securityfocus.com/bid/31420
https://exchange.xforce.ibmcloud.com/vulnerabilities/45463
https://www.exploit-db.com/exploits/6582

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-27T00:00:00

Updated: 2024-08-07T10:08:35.016Z

Reserved: 2008-09-26T00:00:00

Link: CVE-2008-4295

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-09-27T10:30:03.600

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-4295

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-26T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "windowsmobile-bluetooth-dos(45463)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"name": "32066", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32066"}, {"name": "31420", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31420"}, {"name": "6582", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6582"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4295", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "windowsmobile-bluetooth-dos(45463)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"name": "32066", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32066"}, {"name": "31420", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31420"}, {"name": "6582", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6582"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:08:35.016Z"}, "title": "CVE Program Container", "references": [{"name": "windowsmobile-bluetooth-dos(45463)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"name": "32066", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32066"}, {"name": "31420", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31420"}, {"name": "6582", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6582"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4295", "datePublished": "2008-09-27T00:00:00", "dateReserved": "2008-09-26T00:00:00", "dateUpdated": "2024-08-07T10:08:35.016Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "54F2E86B-81CA-45D7-94B4-048F0A01650C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:htc:mda:8125:*:*:*:*:*:*:*", "matchCriteriaId": "2B038B84-F19A-4235-94B0-0604A6AC9BD7", "vulnerable": false}, {"criteria": "cpe:2.3:h:htc:wiza:200:*:*:*:*:*:*:*", "matchCriteriaId": "76A4A26F-4944-4802-B0E1-A87B67AEE4D2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."}, {"lang": "es", "value": "Microsoft Windows Mobile 6.0 en dispositivos HTC Wiza 200 y HTC MDA 8125 no trata adecuadamente el primer intento de establecer la conexi\u00f3n Bluetooth a un punto con un nombre largo, lo cual permite a atacantes remotos causar denegaci\u00f3n de servicio (reinicio de dispositivo) por la configuraci\u00f3n de un dispositivo Bluetooth con un nombre hci largo y (1) conexi\u00f3n directamente al sistema Windows Mobile o (2) esperar para escanear dispositivos cercanos del sistema Windows Mobile."}], "id": "CVE-2008-4295", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-27T10:30:03.600", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32066"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31420"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6582"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32066"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6582"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}