CVE-2009-0244

Windows Mobile - Bluetooth Stack

Microsoft CVSS 8.8 Updated April 30, 2026

Executive Risk Summary

"A directory traversal vulnerability exists in the Microsoft Bluetooth stack in Windows Mobile, allowing remote authenticated users to list arbitrary directories, create or read arbitrary files, and potentially execute code by writing to a Startup folder. This vulnerability can be exploited by sending a malicious OBEX FTP request with a .. (dot dot) in a pathname."

Anticipated Attack Path

  1. Send a malicious OBEX FTP request with a .. (dot dot) in a pathname
  2. Traverse directories and read or create arbitrary files
  3. Write to a Startup folder to achieve code execution

Am I Vulnerable?

  • Verify if the device is running Windows Mobile 6 Professional, 5.0 for Pocket PC, or 5.0 for Pocket PC Phone Edition
  • Check for the presence of the Microsoft Bluetooth stack
  • Monitor for suspicious OBEX FTP requests
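
The monitoring check above can be sketched as path resolution against the shared folder. This is an added example, not code from the advisory or from Microsoft; the share location, the Startup folder name and the request records are assumptions constructed for illustration.

```python
from typing import NamedTuple

# Assumptions for illustration: the share location and the Startup folder name.
SHARED_ROOT = r"\My Documents\Bluetooth Share"
STARTUP_NAME = "startup"

class Verdict(NamedTuple):
    escapes_root: bool      # path climbed above the shared folder at some point
    touches_startup: bool   # resolved path contains a Startup folder
    resolved: str

def _segments(path: str) -> list[str]:
    # Accept both separators and ignore empty and "." segments.
    return [s for s in path.replace("/", "\\").split("\\") if s not in ("", ".")]

def resolve_request(name: str, root: str = SHARED_ROOT) -> Verdict:
    stack = _segments(root)
    floor = len(stack)
    escaped = False
    for seg in _segments(name):
        if seg == "..":
            if stack:
                stack.pop()
            # Flag the climb even if later segments re-enter the share.
            escaped = escaped or len(stack) < floor
        else:
            stack.append(seg)
    startup = any(s.lower() == STARTUP_NAME for s in stack)
    return Verdict(escaped, startup, "\\" + "\\".join(stack))

def flag_requests(records):
    """Return (operation, name, verdict) for requests that leave the share."""
    flagged = []
    for op, name in records:
        verdict = resolve_request(name)
        if verdict.escapes_root:
            flagged.append((op, name, verdict))
    return flagged

# Constructed sample requests (operation, object name); not captured traffic.
SAMPLE_REQUESTS = [
    ("GET", "photo.jpg"),
    ("PUT", "docs/sub/../notes.txt"),
    ("SETPATH", "../"),
    ("PUT", r"..\..\Windows\StartUp\sample.bin"),
]

if __name__ == "__main__":
    for op, name, v in flag_requests(SAMPLE_REQUESTS):
        print(f"{op:8} {name!r} -> {v.resolved} startup={v.touches_startup}")
```

A ".." that stays inside the share (docs/sub/../notes.txt) is not flagged; any climb above the shared folder is, including one that later re-enters it.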

Operational Audit Arsenal

Target Type: Service
Target Asset: bthsvcs.exe
Standard Path: Windows Mobile device
PowerShell
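# Locate copies of the target binary and report their product version.
# Windows Mobile does not ship PowerShell, so this only finds copies of the
# file on the Windows host where it runs.
# Target: bthsvcs.exe (Service)
$Targets = 'bthsvcs.exe'
# Drop search roots that are unset or missing (for example ProgramFiles(x86) on 32-bit hosts).
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}") |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
    Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}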

Patch Impact Forecast

Reboot Required: Likely

Moderate

Internal Work Notes

Windows Mobile device vulnerable to directory traversal attack via Bluetooth stack, potential for code execution

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.