Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability

Bugtraq ID:	26091
Class:	Access Validation Error
CVE:	CVE-2007-5493
Remote:	Yes
Local:	No
Published:	Oct 17 2007 12:00AM
Updated:	Oct 18 2007 12:17AM
Credit:	Ollie Whitehouse of Symantec Vulnerability Research discovered this issue.
Vulnerable:	Microsoft Windows Mobile 2005 PocketPC Phone Edition 0
Not Vulnerable:

Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability

Microsoft Windows Mobile is prone to a vulnerability that can result in the obfuscation of an SMS message source.

Attackers can exploit this issue to anonymously send malicious messages to affected devices.

Microsoft Windows Mobile 5 PocketPC is vulnerable; other versions may also be affected.

Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability

References:

• Windows Mobile Homepage (Microsoft)
  
• SYMSA-2007-011: Microsoft WM5 PocketPC Phone Ed SMS Handler Issue ([email protected])