No Patch for IE on Windows Mobile/CE
- To: Securityfocus <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: No Patch for IE on Windows Mobile/CE
- From: "LIUDIEYU dot COM" <liudieyu.com@xxxxxxxxx>
- Date: Fri, 13 Jul 2007 23:10:59 +0800
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=MpIXUHAOLd6L0xVePCmvF106A+5UY1vj8ZUizZrSJVQZw8sxaoVUKandcdOF3a7HR+1xeBDkxT+1CEl4poyD58c646eVvAc5Qv/T1RX8vNOBPieBS+sz3RmM7WsNgzUdfIm69UD7hRwKTbtCwKYBnjm932risKKEnGB+nXYvsHw=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=KCRN0kzdNsB87jrawlylvF3qfrQSGXs0OeqVEhEJjmKq/MkuwqZ/BVg2uuoZsHoJ+CsnNPJ1U8bvbWaewZXmYwyQ0KOHnnHXJ56726k1hdvgalNObXhzNAh8SfFZDw9s6ei/nzQ7KwYDEI9lmopzpxEpIPReI3KTGAXIXQVghzY=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
When Microsoft patches a security problem in IE, they generally don't
make fix for Windows Mobile. Some security problems, such as address
spoofing and cross-domain scripting etc, they are not naturally
eliminated by lower-level changes ... a different operating system,
another cpu arch, address space layout randomization, non-executable
stack, etc. A patch would be necessary for rectification or the
problem remains.
For pentesters I suggest maybe it's worthwhile to try a little muscle
against IE on mobile devices.
LIU DIE YU
12 JUL 2007