CVE-2009-0244 Information

Description

Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition allows remote authenticated users to list arbitrary directories and create or read arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Reference

http://secunia.com/advisories/33598 http://securityreason.com/securityalert/4938 http://www.securityfocus.com/archive/1/500199/100/0/threaded http://www.securityfocus.com/bid/33359 http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html https://exchange.xforce.ibmcloud.com/vulnerabilities/48124