Windows Mobile applications vulnerable to DoS attacks
In its anti-malware blog, Trend Micro has made public two new holes in preinstalled applications running on Windows 5.0 and Windows Mobile 2003/2003 for smartphones and PocketPC. Specially prepared JPEG images tie up the "Pictures & Videos" program to such an extent that your mobile device freezes for 10 to 15 minutes. At no time is an error message displayed. Attackers could exploit this vulnerability for denial-of-service attacks.
The second flaw was found in Internet Explorer for Windows Mobile; it can also be used for DoS attacks. Trend Micro does not provide any specifics on the problem, merely stating that it is a buffer overflow that leads the browser to crash and makes the operating system unstable. Devices under attack have to be rebooted. While no patch has been provided for either hole, Microsoft has reportedly been informed. There is unfortunately no workaround either, though using other applications should help.
- Trend Micro Finds More Windows Mobile Flaws, Trend Micro's security advisory