Time for the next installment in my enthralling series on ‘Watching Microsoft Patch Windows CE’ and remember kids:
There are currently no reported security vulnerabilities for Windows CE
In my previous entry on this subject [2] I covered up until February’s updates for Windows CE 5 (the base of Windows Mobile 5 and 6), so I’ll start logically with March’s [3]. Below is my commentary on each of the fixes I feel has a security impact.
• 070310_KB934175 – Numerous bugs in the .NET 2.0 Compact Framework; some of the exceptions / access violations occur in native code.
• 070320_KB933434 – Remote denial of service condition in RNDIS.
• 070320_KB933680 – This issue discusses how Internet Explorer will crash when it receives a certain response from a web server. The update patches WININET.DLL, and as we all know a crash is a pretty good indication of something worth investigating which may yield arbitrary code execution.
Moving on to April [4]:
• 070418_KB935825 – An exception in MSHTML when viewing certain web sites.
• 070430_KB936001 – In certain situations an access violation can occur when accessing a website over SSL. This update applies to WININET.DLL again.
Aside from this I had a quick peek at Windows CE (sorry, Embedded) 6. While it is not the base of any Windows Mobile family yet, I thought I’d have a quick look anyway for comparison (I’m sooooo scientific I tell ya!). Anyway, this caught my eye in the March [5] update.
• 070320_KB933679 – This update addresses an error that may occur when handling some HTTP responces (sic). If you follow the KB link you get more details: Windows Internet Explorer may crash when it receives a large string value for the Content-Type field on a Windows Embedded CE 6.0-based device. Now raise your hand if that sounds like a typical overflow… the affected component… WININET.DLL again!
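To make the "typical overflow" guess concrete, here is an added illustration in C. It is not WININET.DLL code and is not from the original post; nothing is known publicly about how that library actually parses headers. It models the bug class the KB wording suggests (a server-supplied Content-Type value copied into a fixed-size buffer with no length check) next to a bounded version that rejects oversized values. The 64-byte buffer, the parser, and both sample responses are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative model only (not WININET.DLL code): a header value copied into a
 * fixed-size buffer, shown unbounded and then bounded. All sizes/responses are constructed. */

#define CT_BUF 64   /* assumed fixed-size destination for the Content-Type value */

/* Constructed sample: a harmless response with a short Content-Type. */
static const char BENIGN_RESPONSE[] =
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Length: 0\r\n"
    "\r\n";

/* Case-insensitive compare of n bytes (HTTP header names are case-insensitive). */
static int ieq(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Locate a header's value in a raw response. Returns a pointer to the start of the
 * value and stores its length (up to CRLF) in *len; NULL if absent. Never copies. */
static const char *find_header(const char *resp, const char *name, size_t *len) {
    size_t nlen = strlen(name);
    const char *p = strstr(resp, "\r\n");        /* skip the status line */
    if (!p) return NULL;
    p += 2;
    while (*p && !(p[0] == '\r' && p[1] == '\n')) {   /* stop at the blank line */
        const char *eol = strstr(p, "\r\n");
        if (!eol) eol = p + strlen(p);
        if ((size_t)(eol - p) > nlen && ieq(p, name, nlen) && p[nlen] == ':') {
            const char *v = p + nlen + 1;
            while (v < eol && (*v == ' ' || *v == '\t')) v++;   /* skip leading whitespace */
            *len = (size_t)(eol - v);
            return v;
        }
        if (!*eol) break;
        p = eol + 2;
    }
    return NULL;
}

/* Vulnerable form: the value length is chosen by the server and nothing compares it
 * to the CT_BUF-byte destination, so a long Content-Type writes past the buffer. */
static int parse_content_type_unsafe(const char *resp, char out[CT_BUF]) {
    size_t len;
    const char *v = find_header(resp, "Content-Type", &len);
    if (!v) return -1;
    memcpy(out, v, len);     /* BUG: no bound on len */
    out[len] = '\0';
    return 0;
}

/* Hardened form: the caller passes the real buffer size and oversized values are
 * rejected (-2) rather than silently truncated, so the failure is explicit. */
static int parse_content_type_safe(const char *resp, char *out, size_t outsz) {
    size_t len;
    const char *v = find_header(resp, "Content-Type", &len);
    if (!v) return -1;
    if (len >= outsz) return -2;   /* need room for the terminator */
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

/* Build a constructed hostile response whose Content-Type is ct_len 'A' bytes.
 * Caller frees the result. */
static char *build_response(size_t ct_len) {
    const char *head = "HTTP/1.1 200 OK\r\nServer: x\r\nContent-Type: ";
    const char *tail = "\r\nContent-Length: 0\r\n\r\n";
    size_t hl = strlen(head);
    char *buf = malloc(hl + ct_len + strlen(tail) + 1);
    if (!buf) return NULL;
    memcpy(buf, head, hl);
    memset(buf + hl, 'A', ct_len);
    strcpy(buf + hl + ct_len, tail);
    return buf;
}

int main(void) {
    char out[CT_BUF];
    char *evil = build_response(200);   /* 200 bytes, well over CT_BUF */
    if (!evil) return 1;
    parse_content_type_unsafe(BENIGN_RESPONSE, out);
    printf("unsafe, benign : %s\n", out);
    int rc = parse_content_type_safe(BENIGN_RESPONSE, out, sizeof out);
    printf("safe, benign   : rc=%d %s\n", rc, out);
    rc = parse_content_type_safe(evil, out, sizeof out);
    printf("safe, hostile  : rc=%d (rejected before any copy)\n", rc);
    /* parse_content_type_unsafe(evil, out) would smash the stack; only try it under a debugger. */
    free(evil);
    return 0;
}
```

The point of the split is that `find_header` itself never copies, so the only decision that matters is the one the safe variant makes before `memcpy`: compare the attacker-controlled length against the destination size you actually have, and fail loudly when it does not fit.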
In addition to this rash of potential vulnerabilities, I’m also aware of a number of other researchers ramping up their capability and interest in Windows CE/Mobile 5/6. I suspect it’ll be an interesting time for Microsoft when people start pumping out file format vulnerabilities akin to the desktop ones targeting Windows Mobile…

[1] Windows CE Critical Updates – http://msdn2.microsoft.com/en-us/embedded/aa714508.aspx
[2] The Elephant is Still Under the Carpet (err... I mean PDA)
[3] Windows CE 5.0 Update 070331_2007M03
[4] Windows CE 5.0 Update 070430_2007M04
[5] Windows Embedded CE 6.0 Update 070331_2007M03
