CVE-2008-4295
published 2008-09-27

Priority: P336
Severity: medium, 5.4 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 30.14% (98.0th percentile)
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

Affected

1 range

Vendor | Product | Version range | Fixed in
microsoft | windows_mobile | |

Detection & IOCs (extracted from sources)

command: hciconfig name `perl -e 'print "A"x90000'`
command: hciconfig piscan
  • A Bluetooth device advertising an HCI name of approximately 90,000 bytes (e.g., 'A' repeated 90000 times) is a strong indicator of exploitation attempts against CVE-2008-4295.
  • Monitor for inbound RFCOMM Bluetooth connections on channel 3 from devices with abnormally long HCI names, which is the direct-connect exploitation vector.
  • Affected devices are specifically HTC Wiza 200 and HTC MDA 8125 running Windows Mobile 6.0 (fully patched at time of discovery); scope is limited to these hardware/OS combinations.
  • The PoC uses Net::Bluetooth (Perl) for the direct-connect vector; detection of the tool itself on a host may indicate preparation for this attack.