NEWS FROM THE LAB - Wednesday, January 10, 2007

Further Information on the Pocket PC MMS Exploit Posted by Jarno @ 12:04 GMT

We have done further study on the MMS exploit discovered by Collin Mulliner.

The exploit affects most Pocket PC phone edition and Windows Mobile devices that use versions of ArcSoft MMS composer predating August 2006.

Fortunately, most vendors are providing updates that patch the vulnerability, but unfortunately they don't necessarily mention this in their updates. If you are unsure whether your phone vendor is providing the update, we recommend checking the vendors support page and contacting them if they don't have information available.

We have tried the exploit with several devices, and unless the shellcode is crafted for that particular device and MMS application happens to be in correct memory slot, the only result is a crash of the MMS application.

As mentioned previously we added detection for Exploit/MMS.A in the December 30th update for F-Secure Mobile Anti-Virus for Windows Mobile devices. So we decided to shoot a short video clip of the Anti-Virus in action and stopping the corrupted MMS message before user is able to open it.

The video was shot with a QTEK 9100 that has a vulnerable version of the MMS software installed.