What is the severity of CVE-2009-0244?

CVE-2009-0244 has a moderate severity rating as it allows remote authenticated users to exploit the directory traversal vulnerability in the OBEX FTP Service.

How do I fix CVE-2009-0244?

To fix CVE-2009-0244, update your Microsoft Windows Mobile device to the latest firmware version that addresses this vulnerability.

Which versions of Windows Mobile are affected by CVE-2009-0244?

CVE-2009-0244 affects Windows Mobile 5.0 and 6.0 devices, including versions for Professional, Standard, and Pocket PC.

Who can exploit CVE-2009-0244?

CVE-2009-0244 can be exploited by remote authenticated users who have access to the OBEX FTP Service on the affected Windows Mobile devices.

Vulnerability/
CVE-2009-0244

high

8.8

CWE

21/1/2009

26/1/2024

CVE-2009-0244: Path Traversal

First published: Wed Jan 21 2009(Updated: )

Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Windows 10 for Mobile	=6.0
Windows 10 for Mobile	=6.0
Windows 10 for Mobile	=5.0
Windows 10 for Mobile	=5.0
Windows 10 for Mobile	=6.0
Windows 10 for Mobile	=5.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0244?
CVE-2009-0244 has a moderate severity rating as it allows remote authenticated users to exploit the directory traversal vulnerability in the OBEX FTP Service.
How do I fix CVE-2009-0244?
To fix CVE-2009-0244, update your Microsoft Windows Mobile device to the latest firmware version that addresses this vulnerability.
Which versions of Windows Mobile are affected by CVE-2009-0244?
CVE-2009-0244 affects Windows Mobile 5.0 and 6.0 devices, including versions for Professional, Standard, and Pocket PC.
What kind of access can an attacker gain through CVE-2009-0244?
An attacker can gain the ability to list arbitrary directories, and create or read arbitrary files on vulnerable devices through CVE-2009-0244.
Who can exploit CVE-2009-0244?
CVE-2009-0244 can be exploited by remote authenticated users who have access to the OBEX FTP Service on the affected Windows Mobile devices.

agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
agent/weakness
agent/description
agent/severity
agent/event
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/microsoft
canonical/windows 10 for mobile
version/windows 10 for mobile/6.0
version/windows 10 for mobile/5.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.