Windows Mobile Microsoft Windows Mobile

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows Mobile.

Recent Microsoft Windows Mobile Security Advisories

Advisory Title Published
CVE-2025-29811 CVE-2025-29811 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability April 8, 2025
CVE-2024-49110 CVE-2024-49110 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability December 10, 2024
CVE-2024-49083 CVE-2024-49083 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability December 10, 2024
CVE-2024-49077 CVE-2024-49077 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability December 10, 2024
CVE-2024-49078 CVE-2024-49078 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability December 10, 2024
CVE-2024-49092 CVE-2024-49092 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability December 10, 2024
CVE-2024-49087 CVE-2024-49087 Windows Mobile Broadband Driver Information Disclosure Vulnerability December 10, 2024
CVE-2024-49073 CVE-2024-49073 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability December 10, 2024
CVE-2024-43561 CVE-2024-43561 Windows Mobile Broadband Driver Denial of Service Vulnerability October 8, 2024
CVE-2024-43559 CVE-2024-43559 Windows Mobile Broadband Driver Denial of Service Vulnerability October 8, 2024

By the Year

In 2025 there have been 0 vulnerabilities in Microsoft Windows Mobile. Windows Mobile did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Windows Mobile vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Mobile Security Vulnerabilities

Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition

CVE-2009-0244 8.8 - High - January 21, 2009

Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Directory traversal

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors

CVE-2008-4609 - October 20, 2008

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

Configuration

Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450

CVE-2006-6908 - December 31, 2006

Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows Embedded Compact or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe