Being a Microsoft ally may spell profits but it also spells malicious users out to find cracks in your armor. Trend Micro discovers such a crack this week on a 3rd-party application commonly used on Windows mobile, a compact version of Windows designed for mobile devices, such as Pocket PCs and Smartphones.
This flaw involves a specially-crafted PNG file causing a buffer overflow when opened in Resco Photo Viewer. It affects mobile devices running Windows Mobile 5.0, 2003, and 2003SE. Note that buffer overflows open up the affected system to malicious code injection and execution.
Trend Micro ascertains that Resco Photo Viewer v4.11 and v6.01 are affected. However, versions in between the two mentioned may also be vulnerable.
Users are advised not to open files using the said photo viewer until its manufacturers release an appropriate patch.