Late on Friday the 29th of December, Collin Mulliner published proof-of-concept exploits for MMS vulnerabilities that he discovered six months ago. When Collin first discovered the vulnerabilities he informed the software vendors, but as he has not received a report within half a year, he has now decided to publish the exploit at the 23rd Chaos Communication Congress in Berlin.
The proof-of-concept exploits target vulnerabilities in the SMIL presentation control language in MMS messages. Region tags in MMS SMIL are vulnerable to a buffer overflow that allows arbitrary code execution. In other words, if the content of those tags gets too large, it becomes possible for a malicious MMS message to execute code on the target device.
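A defensive length check on the region tags described above, as an added example (not code from the original post, from Collin Mulliner or from F-Secure). The thresholds `MAX_ATTR_LEN` and `MAX_TAG_LEN`, the function name `scan_smil` and the two sample presentations are assumptions constructed for illustration.

```python
import re

# Assumed thresholds: the article gives no figures. Legitimate region
# attributes ("Image", "100%", "160px") are a handful of characters long.
MAX_ATTR_LEN = 64
MAX_TAG_LEN = 512

# Match on raw bytes; a missing closing '>' or quote must not hide a tag.
REGION_TAG = re.compile(rb"<\s*region\b([^>]*)", re.IGNORECASE)
ATTRIBUTE = re.compile(rb"""([\w:.-]+)\s*=\s*(?:"([^"]*)"?|'([^']*)'?|([^\s"'>]+))""")


def scan_smil(data: bytes) -> list[dict]:
    """Return one finding per oversized region tag or region attribute.

    Uses regular expressions instead of an XML parser, because a hostile
    presentation need not be well-formed XML.
    """
    findings = []
    for tag in REGION_TAG.finditer(data):
        body = tag.group(1)
        if len(body) > MAX_TAG_LEN:
            findings.append({"offset": tag.start(), "attr": None, "length": len(body)})
        for attr in ATTRIBUTE.finditer(body):
            # Exactly one of the three value groups is set per match.
            value = next(g for g in attr.groups()[1:] if g is not None)
            if len(value) > MAX_ATTR_LEN:
                findings.append({"offset": tag.start(),
                                 "attr": attr.group(1).decode("ascii", "replace"),
                                 "length": len(value)})
    return findings


# Constructed sample input: a normal two-region MMS layout ...
BENIGN = (b'<smil><head><layout><root-layout width="160" height="120"/>'
          b'<region id="Image" top="0" left="0" width="100%" height="70%"/>'
          b'<region id="Text" top="70%" left="0" width="100%" height="30%"/>'
          b'</layout></head></smil>')
# ... and the same layout with one region attribute grown far past normal size.
OVERSIZED = BENIGN.replace(b'id="Text"', b'id="' + b"A" * 300 + b'"')

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, scan_smil(sample))
```

A gateway or on-device filter would run a check like this on the SMIL part before handing the message to the MMS client, and drop or quarantine anything that produces a finding.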
It is still unknown which phones are vulnerable to this exploit. Collin's research has confirmed a vulnerability in the IPAQ 6315 and i-mate PDA2k, but it is quite likely that all Pocket PC 2003 and Windows Smartphone 2003 devices are also vulnerable.
The good news is that the only devices for which the proof-of-concept code is available are the IPAQ 6315 and i-mate PDA2k. And even on those devices the attacker needs to guess the correct memory slot where the MMS processing code is executing and send correctly crafted exploit code. This means that a malicious MMS message will most likely only be able to crash the device, not to exploit it.
So while Collin's discovery is very significant, it does not pose immediate danger to any large group of users. And although it is possible to create an MMS worm or other malware that uses the vulnerability, this particular exploit cannot be directly used in creating malware.
But to be safe, we added detection for the exploits on Saturday the 30th to F-Secure Mobile Anti-Virus for the platforms that can be affected by this vulnerability.
As the device vendors have not given confirmation that the exploit has been fixed, we cannot confirm that patches are available. But as always, it's a very good idea to have the latest updates installed on your devices.