» Windows CE GIF/JPG handling vulnerability discovered -> TamsWMS - the Windows Mobile Smartphone Blog - The Windows Mobile Smartphone news and opinion source

May 2008
M	T	W	T	F	S	S
« Apr		Jun »
	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Windows CE GIF/JPG handling vulnerability discovered

By admin

SecurityFocus has reported a new vulnerability that affects Windows CE as follows:

Microsoft Windows CE JPEG And GIF Processing Multiple Arbitrary Code
Execution Vulnerabilities
BugTraq ID: 29147
Remote: Yes
Date Published: 2008-05-09
Relevant URL: http://www.securityfocus.com/bid/29147
Summary:
Microsoft Windows CE is prone to multiple vulnerabilities that allow attackers to execute arbitrary code. The issues stem from unspecified errors.

An attacker can exploit these issues to execute arbitrary code within the context of the affected components. Failed exploit attempts will likely result in denial-of-service conditions.

Cutting a long story short: applications that use the imaging components in Windows CE can be attacked or crashed by opening specially prepared GIF/JPEG files.

Since such exploits must be targeted at a specific version of an app, the real-world threat level IMHO is rather low. Nevertheless: failed attacks are likely to cause system crashes(soft resets)…which could become pretty annoying onthe long run…

We have forwarded this to a few developers and expect a statement soon.

This entry is filed under Miscellaneous. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.