Potential remote code execution exploits have been a rarity on Windows CE or Windows Mobile. However, "in Microsoft Windows CE 5.0, several vulnerabilities in JPEG processing (GDI+) and in GIF imaging components could allow for remote code execution," Microsoft says.
Such an attack would work by persuading a victim to go to a website and open a deliberately malformed JPEG or GIF image. Once loaded, the image causes a buffer overflow and leaves a device vulnerable to executing arbitrary program code.
While almost unheard of on Windows CE, vulnerabilities caused by potential buffer overflows occur with some regularity on desktop editions of Windows, as well as in third-party multimedia or graphics viewing tools, such as the Adobe Flash Player or RealNetworks' RealPlayer. Usually quickly fixed when detected, they result from improper "bounds checking" of file headers, the length of filenames, and other such parameters.
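As an added illustration of the bounds checking described above (not code from Microsoft or from the original article, and not a reconstruction of the Windows CE flaw, whose details were not published), this C routine walks the header segments of a JPEG and copies its comment field into a fixed buffer, refusing any length field that overruns the input or the destination. The function name, buffer size and sample bytes are constructed for the example, and only the segments before the scan data are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs (not real image files): SOI, one COM segment, EOI. */
static const uint8_t GOOD[]  = {0xFF,0xD8, 0xFF,0xFE, 0x00,0x04, 'h','i', 0xFF,0xD9};
/* Same bytes, but the COM length field claims 0xFFFF bytes. */
static const uint8_t LYING[] = {0xFF,0xD8, 0xFF,0xFE, 0xFF,0xFF, 'h','i', 0xFF,0xD9};

/* Walk JPEG marker segments up to SOS/EOI and copy the first COM (0xFFFE)
 * payload into out as a NUL-terminated string. Returns the payload length,
 * 0 if there is no comment, or -1 if any length fails a bounds check. */
int jpeg_read_comment(const uint8_t *buf, size_t len, char *out, size_t out_cap)
{
    size_t pos = 2;

    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)    /* must start with SOI */
        return -1;
    while (len - pos >= 2) {
        if (buf[pos] != 0xFF) return -1;                /* segments start with 0xFF */
        uint8_t marker = buf[pos + 1];
        if (marker == 0xDA || marker == 0xD9) return 0; /* SOS or EOI: headers done */
        if (len - pos < 4) return -1;                   /* length field must be present */
        size_t seg_len = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        /* The length counts its own two bytes and must stay inside the input. */
        if (seg_len < 2 || seg_len > len - pos - 2) return -1;
        if (marker == 0xFE) {
            size_t payload = seg_len - 2;
            /* The payload must also fit the destination, leaving room for NUL. */
            if (out_cap == 0 || payload > out_cap - 1) return -1;
            memcpy(out, buf + pos + 4, payload);
            out[payload] = '\0';
            return (int)payload;
        }
        pos += 2 + seg_len;                             /* skip to the next segment */
    }
    return -1;                                          /* ended before SOS/EOI */
}

int main(void)
{
    char out[64];
    printf("good:  %d\n", jpeg_read_comment(GOOD, sizeof GOOD, out, sizeof out));
    printf("lying: %d\n", jpeg_read_comment(LYING, sizeof LYING, out, sizeof out));
    return 0;
}
```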
Microsoft did not state whether the security flaw was detected internally or discovered "in the wild." However, the company has posted fixes, as detailed below, that can be employed by those using Platform Builder to create new builds of the operating system.
Should you worry if you use a Windows CE 5.0-based device to browse the web? Unknown. Microsoft has not provided any patches for end users, nor provided any further information on the vulnerability. Our best guess: relatively few vulnerable devices exist in the field, so the likelihood of an attacker crafting malware that would find Windows CE 5.0 users may be minimal.
Further information
To see an entry for this security flaw in the National Cyber-Alert System maintained by NIST (National Institute of Standards and Technology), go here. To see Microsoft's web page devoted to it, and download updated operating system images for use with Platform Builder, see here.