Video Screencast Help
Security Response

Access Violations on Windows CE are not Security Issues (if you’re Microsoft)

Created: 08 Jun 2007 07:00:00 GMT • Updated: 23 Jan 2014 18:48:53 GMT
Ollie  Whitehouse's picture
0 0 Votes
Login to vote

Time for the next installment in my enthralling series on ‘Watching Microsoft Patch Windows CE’ and remember kids:

There are currently no reported security vulnerabilities for Windows CE

In my previous entry on this subject [2] I covered up untilFebruary’s updates for Windows CE 5 (the base to Windows Mobile 5 and6) so I’ll start logically with March’s [3 Below is my commentary foreach of the fixes I feel has a security impact.

• 070310_KB934175 – Numerous bugs in the .NET 2.0 compactframework; some of the exceptions / access violation occur in nativecode.

• 070320_KB933434 – Remote denial of service condition in RNDIS

• 070320_KB933680 – This issue discusses how Internet Explorer willcrash when it receives a certain response for a web server. The updatepatches WININET.DLL – as we all know a crash is a pretty goodindication of something worth investigating which may yield arbitrarycode execution.

Moving on to April [4]:

• 070418_KB935825 – An exception in MSHTML when viewing certain web sites

• 070430_KB936001 – In certain situation an access violation canoccur when accessing a website over SSL. This update applies toWININET.DLL again.

Aside from this I had a quick peek at Windows CE (sorry Embedded) 6– while not the base of any Windows Mobile family yet but I thought I’dhave a quick look anyway for comparison (I’m sooooo scientific I tellya!). Anyway this caught my eye in the March [5] update.

• 070320_KB933679 - This update addresses an error that mayoccur when handling some HTTP responces (sic). Anyway if you follow theKB link you get more details, Windows Internet Explorer may crash whenit receives a large string value for the Content-Type field on aWindows Embedded CE 6.0-based device. Now raise your hand if thatsounds like a typical overflow… the affected component… WININET.DLLagain!

In addition to this rash of potential vulnerabilities, I’m alsoaware of a number of other researchers ramping up their capability andinterest into Windows CE/Mobile 5/6. I suspect it’ll be an interestingtime for Microsoft when people start pumping out file formatvulnerabilities akin to the desktop targeting Windows Mobile…

[1]">Windows CE Critical Updates
[2] The Elephant is Still Under the Carpet (err... I mean PDA)
[3] Windows CE 5.0 Update 070331_2007M03
[4] Windows CE 5.0 Update 070430_2007M04
[5] Windows Embedded CE 6.0 Update 070331_2007M03