Microsoft · Windows Mobile · CVE-2009-0244
**Name of the Vulnerable Software and Affected Versions**
Windows Mobile versions 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition
Windows Mobile 6 Professional
**Description**
A directory traversal issue in the OBEX FTP Service of the Microsoft Bluetooth stack allows remote authenticated users to list arbitrary directories and to create or read arbitrary files via a .. (dot dot) in a pathname. This can be leveraged for code execution by writing to a Startup folder.
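As an added illustration (not Microsoft's code and not part of the original advisory), the C sketch below shows the kind of server-side check that blocks `..` traversal in an OBEX FTP service: every received name is accepted only as a single path component, and the current folder is tracked relative to the shared root so it cannot move above it. The struct, the function names, the `MAX_REL` limit, the simplified SETPATH model and the use of narrow `char` strings are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#define MAX_REL 260  /* assumed limit for the path below the shared root */

/* Hypothetical per-connection state: folder relative to the shared root ("" = root). */
struct obex_session { char rel[MAX_REL]; };

/* A received name must be one plain folder or file name. */
int name_is_single_component(const char *name)
{
    if (name == NULL || name[0] == '\0') return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    /* Reject separators and drive markers, so "..\\..\\x" fails too. */
    return strpbrk(name, "/\\:") == NULL;
}

/* SETPATH model: optional "backup one level", then optional descent.
   Returns 0 on success, -1 if refused; state is unchanged on refusal. */
int session_setpath(struct obex_session *s, int backup, const char *name)
{
    char next[MAX_REL];
    size_t len;
    strcpy(next, s->rel);
    if (backup) {
        char *sep;
        if (next[0] == '\0') return -1;        /* already at the shared root */
        sep = strrchr(next, '\\');
        if (sep) *sep = '\0'; else next[0] = '\0';
    }
    if (name != NULL && name[0] != '\0') {
        if (!name_is_single_component(name)) return -1;
        len = strlen(next);
        if (len + strlen(name) + 2 > MAX_REL) return -1;
        if (len) next[len++] = '\\';
        strcpy(next + len, name);
    }
    strcpy(s->rel, next);
    return 0;
}

/* GET/PUT: build the path only from root + tracked folder + validated name. */
int session_object_path(const struct obex_session *s, const char *root,
                        const char *name, char *out, size_t outsz)
{
    int n;
    if (!name_is_single_component(name)) return -1;
    n = snprintf(out, outsz, "%s%s%s\\%s", root,
                 s->rel[0] ? "\\" : "", s->rel, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}
```
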
**Recommendations**
For Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, restrict access to the OBEX FTP Service to minimize the risk of exploitation.
For Windows Mobile 6 Professional, consider disabling the OBEX FTP Service until a patch is available.
Avoid using the .. (dot dot) sequence in pathnames for the OBEX FTP Service until the issue is resolved.