Windows Mobile Bluetooth vulnerability allows access to any files
A directory traversal vulnerability in the Bluetooth OBEX-FTP server of Windows Mobile 6 allows attackers to access files outside of the permitted list. According to the report, using "../" or "..\\" as part of the path name is sufficient to traverse to other directories. An attacker could use the technique to copy files from a device, or to install their own software, such as a key logger or other spyware.
The issue does require that the targeted handheld device is paired with the attacking device, which is usually only possible with the owner's consent. There are, though, situations where a user may wish to restrict what a paired device can access among their files, and the problem means that these restrictions are only partially effective. Alberto Moreno Tablado, who discovered the bug, has published a detailed guide to the problem.
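The underlying defect is a file server that joins a client-supplied path onto its share root without confirming that the result still lies inside that root. The following Python snippet, added here as an illustration and not code from the report or from the Windows Mobile OBEX server, contrasts a naive join with a containment check. The share root "/My Documents" and the sample requests are constructed for the example; the check folds backslashes into forward slashes because, as the report notes, both "../" and "..\\" separators are accepted by the affected server.

```python
import posixpath
from typing import Optional

# Assumed permitted share root for this example (constructed value).
PERMITTED_ROOT = "/My Documents"


def naive_join(requested: str, root: str = PERMITTED_ROOT) -> str:
    """Vulnerable pattern: join the client path and normalise it, but never
    verify that the normalised result is still inside the share root.
    '..' components can therefore walk out of the root."""
    candidate = requested.replace("\\", "/").lstrip("/")
    return posixpath.normpath(posixpath.join(root, candidate))


def resolve_obex_path(requested: str, root: str = PERMITTED_ROOT) -> Optional[str]:
    """Hardened pattern: resolve the request the same way, then reject any
    result that is not the root itself or a path strictly beneath it.
    Returns the canonical path, or None when the request escapes the root."""
    # Treat '\' like '/' so "..\\" cannot slip past a forward-slash-only check.
    candidate = requested.replace("\\", "/")
    # A leading slash is interpreted relative to the share root, not the device root.
    candidate = candidate.lstrip("/")
    normalized = posixpath.normpath(posixpath.join(root, candidate))
    root_norm = posixpath.normpath(root)
    # The trailing '/' matters: "/My Documents x" must not pass as a prefix match.
    if normalized == root_norm or normalized.startswith(root_norm + "/"):
        return normalized
    return None


if __name__ == "__main__":
    # Constructed sample requests: two ordinary ones and two traversal attempts.
    for req in ("notes/a.txt", "sub/../a.txt", "../Windows/x.exe", "..\\Windows\\x.exe"):
        print(f"{req!r:28} naive -> {naive_join(req)!r:32} checked -> {resolve_obex_path(req)!r}")
```

The naive variant returns a path under "/Windows" for the traversal requests, which is exactly the behaviour the report describes; the checked variant refuses them while still accepting legitimate relative paths, including ones that use ".." without leaving the share.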
- Microsoft Bluetooth Stack OBEX Directory Traversal, report by Alberto Moreno Tablado