CVE-2007-5460

Name: CVE-2007-5460
Creator: NVD / NIST
Published: 2007-10-15T22:17:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.6/10EPSS 2.22%

Last modified Jun 16, 2026

CVE-2007-5460 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.. EPSS estimates a 2.22% chance of exploitation in the next 30 days.

Description

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.

Metrics

CVSS 3.1

4.6/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

2.22%

80.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-327

Affected Software

Vendor	Product	Versions
Microsoft	Windows Mobile	5.0

References

http://osvdb.org/38499Broken Link
http://securityreason.com/securityalert/3232Broken Link
http://www.securityfocus.com/archive/1/482299/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/25976Broken Link, Patch, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/37223Third Party Advisory, VDB Entry
http://osvdb.org/38499Broken Link
http://securityreason.com/securityalert/3232Broken Link
http://www.securityfocus.com/archive/1/482299/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/25976Broken Link, Patch, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/37223Third Party Advisory, VDB Entry

Timeline

Published: Oct 15, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-5460?

How severe is CVE-2007-5460?

CVE-2007-5460 has a CVSS score of 4.6/10 (MEDIUM severity). The EPSS model estimates a 2.22% probability of exploitation in the next 30 days.

How do I fix CVE-2007-5460?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-5460?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST