Trend Micro reports in its
company blog, the security company has discovered flaws related to Windows
Mobile. Both of the newly found vulnerabilities are flaws in inbuilt
applications that ship by default with Microsoft's mobile device OS.
One of the said applications is "Pictures and Videos", the default application
to watch photos and video file, which can cause a mobile device to hang for 10 -
15 minutes when it tries to process a malformed JPEG file. This vulnerability
can cause a denial of service (DoS) attack against a device; however, no error
occurs during this period and the user would have no indication as to why the
device is not responding.
The other flaw is found in Windows Mobile's Internet Explorer Mobile, which
when exploited terminates IE and causes the affected mobile device to be
unstable. When exploited, this vulnerability can cause a stack overflow, which
terminates IE and makes the mobile device unstable and an affected device must
be reset to resume using Internet Explorer Mobile.
Both vulnerabilities affect Pocket PCs and Smartphones running Windows Mobile
5.0 and Windows Mobile 2003/2003SE. As of this writing, Microsoft has already
been informed of these flaws but no patches are available as of yet.
Cheers ~ Arne