CVE-2008-4295
published 2008-09-27CVE-2008-4295: Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer…
PriorityP336medium5.4CVSS 2.0
AVNACHAuNCNINAC
EXPLOIT
EPSS
30.14%
98.0th percentile
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_mobile | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →A Bluetooth device advertising an HCI name of approximately 90,000 bytes (e.g., 'A' repeated 90000 times) is a strong indicator of exploitation attempts against CVE-2008-4295. ↗
- →Monitor for inbound RFCOMM Bluetooth connections on channel 3 from devices with abnormally long HCI names, which is the direct-connect exploitation vector. ↗
- ·Affected devices are specifically HTC Wiza 200 and HTC MDA 8125 running Windows Mobile 6.0 (fully patched at time of discovery); scope is limited to these hardware/OS combinations. ↗
- ·The PoC uses Net::Bluetooth (Perl) for the direct-connect vector; detection of the tool itself on a host may indicate preparation for this attack. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/32066http://www.securityfocus.com/bid/31420https://exchange.xforce.ibmcloud.com/vulnerabilities/45463https://www.exploit-db.com/exploits/6582http://secunia.com/advisories/32066http://www.securityfocus.com/bid/31420https://exchange.xforce.ibmcloud.com/vulnerabilities/45463https://www.exploit-db.com/exploits/6582
2008-09-27
Published