CVE-2008-4295 - Vulnerability Details - OpenCVE

Description

Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

Published: 2008-09-27

Score: 5.4 Medium

EPSS: 53.8% High

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:htc:mda:8125:::::::*
	cpe:2.3:h:htc:wiza:200:::::::*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.53782.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://secunia.com/advisories/32066
http://www.securityfocus.com/bid/31420
https://exchange.xforce.ibmcloud.com/vulnerabilities/45463
https://www.exploit-db.com/exploits/6582

History

No history.

Subscriptions

Htc Mda Wiza

Microsoft Windows Mobile

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-27T00:00:00.000Z

Updated: 2024-08-07T10:08:35.016Z

Reserved: 2008-09-26T00:00:00.000Z

Link: CVE-2008-4295

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-09-27T10:30:03.600

Modified: 2026-04-23T00:35:47.467

Link: CVE-2008-4295

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-26T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "windowsmobile-bluetooth-dos(45463)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"name": "32066", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32066"}, {"name": "31420", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31420"}, {"name": "6582", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6582"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4295", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "windowsmobile-bluetooth-dos(45463)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"name": "32066", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32066"}, {"name": "31420", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31420"}, {"name": "6582", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6582"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:08:35.016Z"}, "title": "CVE Program Container", "references": [{"name": "windowsmobile-bluetooth-dos(45463)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"name": "32066", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32066"}, {"name": "31420", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31420"}, {"name": "6582", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6582"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4295", "datePublished": "2008-09-27T00:00:00.000Z", "dateReserved": "2008-09-26T00:00:00.000Z", "dateUpdated": "2024-08-07T10:08:35.016Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "54F2E86B-81CA-45D7-94B4-048F0A01650C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:htc:mda:8125:*:*:*:*:*:*:*", "matchCriteriaId": "2B038B84-F19A-4235-94B0-0604A6AC9BD7", "vulnerable": false}, {"criteria": "cpe:2.3:h:htc:wiza:200:*:*:*:*:*:*:*", "matchCriteriaId": "76A4A26F-4944-4802-B0E1-A87B67AEE4D2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."}, {"lang": "es", "value": "Microsoft Windows Mobile 6.0 en dispositivos HTC Wiza 200 y HTC MDA 8125 no trata adecuadamente el primer intento de establecer la conexi\u00f3n Bluetooth a un punto con un nombre largo, lo cual permite a atacantes remotos causar denegaci\u00f3n de servicio (reinicio de dispositivo) por la configuraci\u00f3n de un dispositivo Bluetooth con un nombre hci largo y (1) conexi\u00f3n directamente al sistema Windows Mobile o (2) esperar para escanear dispositivos cercanos del sistema Windows Mobile."}], "id": "CVE-2008-4295", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-27T10:30:03.600", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32066"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31420"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6582"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32066"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6582"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}