The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Windows Mobile

vulnerability note CVE-2012-2993

Windows Phone 7: not checking the Common Name

Synthesis of the vulnerability

The Windows Phone 7 messaging client does not check the Common Name field of the X.509 certificate sent by the server, so an attacker can perform a man-in-the-middle attack without being detected.
Impacted products: Windows Mobile.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: intranet server.
Creation date: 18/09/2012.
Identifiers: BID-55569, CVE-2012-2993, VIGILANCE-VUL-11954, VU#389795.

Description of the vulnerability

The Windows Phone 7 system contains a messaging client to connect to POP3, IMAP or SMTP servers.

Sessions can be encrypted by SSL/TLS. In this case, the server sends an X.509 certificate. The Common Name field has to be the same as the server name.

However, if the Common Name field is for another site, Windows Phone 7 accepts it.

The Windows Phone 7 messaging client therefore does not check the Common Name field of the X.509 certificate sent by the server, so an attacker can perform a man-in-the-middle attack without being detected.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 11253

Windows Phone: denial of service via SMS

Synthesis of the vulnerability

An attacker can send an SMS, in order to restart a Windows Phone 7.5 device.
Impacted products: Windows Mobile.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: document.
Creation date: 27/12/2011.
Identifiers: BID-51179, VIGILANCE-VUL-11253.

Description of the vulnerability

An attacker can send an SMS, in order to restart a Windows Phone 7.5 device.

computer vulnerability announce 11147

SSL: revocation of DigiCert Malaysia

Synthesis of the vulnerability

The DigiCert Malaysia intermediary certificate authority was revoked.
Impacted products: Debian, Fedora, Mandriva Linux, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Mobile, Windows Vista, Windows XP, Firefox, Thunderbird, openSUSE, SSL protocol, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: internet server.
Creation date: 10/11/2011.
Identifiers: 2641690, CERTA-2003-AVI-008, DSA-2339-1, DSA-2341-1, DSA-2342-1, DSA-2343-1, FEDORA-2011-15586, MDVSA-2011:169, openSUSE-SU-2011:1241-1, RHSA-2011:1437-01, RHSA-2011:1440-01, RHSA-2011:1444-01, SUSE-SU-2011:1256-2, VIGILANCE-VUL-11147.

Description of the vulnerability

The DigiCert Malaysia (Digicert Sdn Bhd) intermediary certification authority was revoked, due to the issuance of 22 certificates with weak keys, and to several technical issues (VIGILANCE-ACTU-3168).

It is thus recommended to delete this certification authority.

This certification authority is under Entrust and Verizon (GTE CyberTrust). It is different from DigiCert Inc (http://www.digicert.com/).

vulnerability bulletin 10483

IE, Firefox, SeaMonkey, Opera: certificate revocation

Synthesis of the vulnerability

After an intrusion in a certification authority, web browsers revoked some certificates.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, Debian, Fedora, Mandriva Linux, IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Mobile, Windows Vista, Windows XP, Firefox, SeaMonkey, openSUSE, Opera, RHEL, Slackware.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition, data deletion, no consequence.
Provenance: internet server.
Creation date: 23/03/2011.
Revision date: 23/03/2011.
Identifiers: 2524375, CERTA-2003-AVI-002, CERTA-2011-AVI-169, DSA-2199-1, DSA-2200-1, DSA-2203-1, FEDORA-2011-4244, FEDORA-2011-4250, FEDORA-2011-5152, FEDORA-2011-5161, MDVSA-2011:068, MDVSA-2011:072, MDVSA-2011:074, MFSA 2011-11, openSUSE-SU-403, RHSA-2011:0373-01, RHSA-2011:0375-01, RHSA-2011:0472-01, SA54, SSA:2011-086-01, SSA:2011-086-02, VIGILANCE-VUL-10483.

Description of the vulnerability

A certification authority signs certificates of web sites using SSL (https). Certificates of these authorities are installed by default in web browsers, in order to provide the chain of trust.

An intrusion occurred in the UserTrust certification authority, a partner of Comodo.

An attacker used this authority to sign 9 fake certificates for web sites (google.com, yahoo.com, mozilla.com, etc.). He can thus create a malicious https://www.example.com/ web site and invite the victim to connect, with no warning.

Several web browser vendors decided to block these 9 certificates.

vulnerability alert 10061

Windows Mobile: memory corruption via vCard

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious vCard, in order to corrupt the memory of Windows Mobile, which creates a denial of service and possibly leads to code execution.
Impacted products: Windows Mobile.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 21/10/2010.
Identifiers: BID-44287, VIGILANCE-VUL-10061.

Description of the vulnerability

A VCF business card in vCard format contains several fields:
 - field N : name
 - field FN : full name
 - field TEL : phone number
 - etc.
They can be shared via MMS or Bluetooth.

When Windows Mobile receives a vCard with a long N name, several memory allocations are done. However, unused areas are freed several times. The memory is thus corrupted.

An attacker can therefore invite the victim to open a malicious vCard, in order to corrupt the memory of Windows Mobile, which creates a denial of service and possibly leads to code execution.

computer vulnerability 9605

Windows Mobile: Cross Site Scripting via MMS

Synthesis of the vulnerability

An attacker can send an HTML MMS, using a refresh, in order to generate a Cross Site Scripting.
Impacted products: Windows Mobile.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 23/04/2010.
Identifiers: BID-39640, VIGILANCE-VUL-9605.

Description of the vulnerability

The "meta http-equiv=refresh" directive of an HTML document redirects the visitor to another url.

The "Show Message" configuration of HTC Touch Pro 2 mobiles directly displays the content of received messages. However, if the message uses a "meta http-equiv=refresh", its script code is run in the context of the pointed web site.

An attacker can therefore send an HTML MMS, using a refresh, in order to generate a Cross Site Scripting.

vulnerability bulletin 9023

Windows Mobile: identity spoof via MMS

Synthesis of the vulnerability

An attacker can send an MMS Notification to a mobile (Blackberry 8800, Windows Mobile or Sony Ericsson W810i/W890i), which does not correctly display the sender.
Impacted products: BES, Windows Mobile.
Severity: 1/4.
Consequences: disguisement.
Provenance: document.
Creation date: 14/09/2009.
Identifiers: adv04-2009, VIGILANCE-VUL-9023.

Description of the vulnerability

When a new MMS message is available, the mobile receives an "MMS Notification" via SMS. If the user wishes to read this MMS, the mobile downloads it via WAP. MMS Notifications use the PDU M-Notification.ind format, which defines fields such as From, Subject and X-Mms-Content-Location.

However, some mobiles (Blackberry 8800, Windows Mobile or Sony Ericsson W810i/W890i) display values from the From and Subject fields, without displaying the phone number of the sender.

An attacker can therefore use the identity of a trusted sender in the From field, in order to deceive the victim receiving this MMS Notification. The victim may then agree to download a malicious MMS file.

computer vulnerability bulletin CVE-2009-0244

Windows Mobile HTC: file access via OBEX FTP

Synthesis of the vulnerability

An attacker paired with Bluetooth can use OBEX FTP to read or write a file on Windows Mobile, installed on an HTC branded mobile.
Impacted products: Windows Mobile.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user account.
Creation date: 21/01/2009.
Revision date: 10/07/2009.
Identifiers: BID-33359, CVE-2009-0244, VIGILANCE-VUL-8408.

Description of the vulnerability

The OBEX FTP service can be used to exchange files via Bluetooth. To use it, users have to be authenticated (paired).

HTC mobiles use their own DLL \Windows\obexfile.dll to handle OBEX FTP.

Shared files are located in the "My Device\My Documents\Bluetooth Share" directory. However, on an HTC mobile, an attacker can use "\.." to escape from this directory and access other files of the mobile.

An attacker paired with Bluetooth can therefore use OBEX FTP to read or write a file on Windows Mobile for HTC.

computer vulnerability note CVE-2008-2160

Windows CE: code execution via GIF/JPEG

Synthesis of the vulnerability

An attacker can create a malicious GIF or JPEG image in order to execute code on the computer of victims displaying it.
Impacted products: Windows CE, Windows Mobile.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/05/2008.
Identifiers: 948812, BID-29147, CVE-2008-2160, VIGILANCE-VUL-7819.

Description of the vulnerability

Two vulnerabilities impact the image handling of Windows CE.

A malicious GIF image creates a vulnerability in img_gifdecoder.lib. [severity:3/4]

A malicious JPEG image creates a vulnerability in gdi_render.lib (GDI+). [severity:3/4]

An attacker can therefore invite the victim to see a malicious image in order to execute code.

vulnerability announce 6902

Windows CE 4.2: several vulnerabilities

Synthesis of the vulnerability

Several errors affecting Windows CE can have an impact on security.
Impacted products: Windows CE, Windows Mobile.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 8.
Creation date: 12/06/2007.
Identifiers: BID-24420, BID-24424, BID-24427, BID-24445, BID-24469, KB826296, KB829492, KB833270, KB837052, KB843373, KB875504, KB891786, KB908362, VIGILANCE-VUL-6902.

Description of the vulnerability

Several errors affecting Windows CE can have an impact on security.

A buffer overflow can occur in the GetMachineName() function. [severity:2/4; KB826296]

A buffer overflow can occur. [severity:2/4; KB843373]

When a mailbox contains over 2000 messages, the POP3 connection hangs. [severity:2/4; BID-24469, KB829492]

An integer overflow can occur in the ASN.1 library. [severity:2/4; BID-24445, KB837052]

A malicious PNG image can generate several vulnerabilities. [severity:2/4; BID-24420, KB875504]

An unknown vulnerability affects the TCP/IP stack of the system. [severity:2/4; BID-24424, KB908362]

A buffer overflow can occur in the ASP parser of the web server. [severity:2/4; BID-24427, KB833270]

An unknown vulnerability affects Passport. [severity:2/4; KB891786]