What's scarier than a text message luring you
into getting your PC all hosed up with virii? An MMS message that somehow manages to do the infection honors all by its lonesome, that's what. Details are now emerging on what appears to be the world's first proof of concept for an MMS virus, exploiting a weakness in the way Windows Mobile 2003 handles SMIL (Synchronized Mutlimedia Integration Language) to cause a buffer overflow -- which in turn leads to the dreaded "arbitrary code execution." The fella responsible for the exploit apparently gave Microsoft the heads-up a solid six months ago; when he never heard back, he went public with it in a big way at Berlin's Chaos Communication Congress. The good news (if you can call it that) is that it's only been tested on the i-mate PDA2K and HP iPaq h6315
, both of which are approaching the tail ends of their useful shelf lives. No word on whether the vulnerability applies (or can be easily adapted to) Windows Mobile 2005, but somehow, "we hope not" simply doesn't properly express our sentiments.
[Via El Reg