Vulnerabilities > Microsoft > Windows Mobile > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-27 | CVE-2008-4295 | Improper Input Validation vulnerability in Microsoft Windows Mobile 6.0 Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. | 5.4 |
| 2007-10-18 | CVE-2007-5493 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Mobile 2005 The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. | 4.3 |
| 2007-10-15 | CVE-2007-5460 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Microsoft Windows Mobile 5.0 Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process. | 4.6 |