James Middleton

February 1, 2007

1 Min Read
Windows Mobile hit by web bugs

Security experts this week warned of medium risk vulnerabilities in Microsoft’s Windows Mobile that could lock users out of their own devices.

US security firm Trend Micro released an advisory warning of a flaw in the Pictures and Videos application that ships with Windows Mobile 2003/2003SE and Windows Mobile 5.0 in both Smartphone and PocketPC editions.

If the Pictures and Videos application is forced to read a malformed JPEG file, the device can hang for between ten and 15 minutes while attempting to process the file.

During the Denial of Service (DoS) attack no error occurs and the user would have no indication as to why the device is not responding.

Earlier this week, Trend also warned of a vulnerability in Internet Explorer (IE) that ships by default on the same mobile operating systems.

When exploited, this vulnerability can cause a stack overflow, which terminates IE and makes the mobile device unstable. The device must be reset to allow the user to resume using IE.

Exploits for these vulnerabilities are not yet thought to be in the wild, meaning mobile users are unlikely to come across malicious websites using these techniques.

However, no patches are available at present and Trend advises users to avoid visiting untrusted or questionable web sites via their Windows Mobile device.

With the business and consumer versions of Windows Vista already on shelves, Microsoft is also working to bring a new version of its mobile operating system to market.

The next version of Windows Mobile, codenamed Crossbow, is expected to be made available either later this year or early next year.

About the Author(s)

James Middleton

James Middleton is managing editor of telecoms.com | Follow him @telecomsjames

You May Also Like