Julien Bedard

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Mobile version 6.0 Description: The issue arises from improper handling of the first attempt to establish a Bluetooth connection to a peer with a long name. This allows remote attackers to cause a denial of service, resulting in a device reboot. The attack can be carried out by configuring a Bluetooth device with a long hci name and either connecting directly to the Windows Mobile system or waiting for the system to scan for nearby devices. Recommendations: For Microsoft Windows Mobile version 6.0, consider restricting Bluetooth connections to trusted devices to minimize the risk of exploitation. As a temporary workaround, avoid connecting to unknown Bluetooth devices until a fix is available.