Pingie: HTTP:: HTC Handheld Devices Affected by Critical Bluetooth Vulnerability

HTTP:: HTC Handheld Devices Affected by Critical Bluetooth Vulnerability
--------
A zero-day severe directory traversal vulnerability in the Bluetooth File Transfer Profile (FTP) implementation on HTC smartphones running Windows Mobile 6 and 6.1 has been publicly disclosed. The flaw allows attackers to perform file-reading and -writing operations outside the folders shared via Bluetooth. Spanish mobile security researcher Alberto Moreno Tablado, who discovered this vulnerability, explained that he decided to go public after HTC showed no interest in releasing a patch, despite the fact that it had been notified about the issue since February. "HTC Europe has been contacted several times since 2009/02 until 2009/06. Through out [sic.] this period of time I attempted to collaborate with the vendor and provided all the details concerning on [sic.] the exploitation of the flaw," he writes. Tablado initially believed that this was a vulnerability in the Microsoft Bluetooth stack in Windows Mobile 6 and 6.1, however Microsoft concluded that only HTC's impleme!
ntation of the OBEX FTP Service was affected. More specifically, this concerns a 3rd-party driver called obexfile.dll, developed by HTC. The flaw is easy to exploit and only requires pairing over Bluetooth with the vulnerable device. This can be easily achieved if the devices have paired before or by emp...
--------
http://news.softpedia.com/news/HTC-Handhelds-Devices-Affected-by-Critical-Bluetooth-Vulnerability-116858.shtml

<a href="http://c.admob.com/c1.php/2/EkDAULGervEkCz-uO5-US4A5F09350ECC8524a56d9e380fc061">NO LIMITS downloads for your mobile</a>