Phone-crashing bugs found in Windows Mobile

A security company has found a pair of bugs in Microsoft's Windows Mobile which, if exploited, could crash phones and other devices running the software.

The vulnerabilities lie in Windows Mobile Internet Explorer and Windows Mobile Pictures and Video, Trend Micro said in a pair of security alerts. Viewing a rigged web page or malicious JPEG image file on a Windows Mobile device will cause it to fail, according to the security vendor.

Todd Thiemann, director of device security marketing at Trend Micro, said: "Both of these vulnerabilities are potential denial of service factors. What we're seeing over time is an uptick in the threats against smart phones, particularly those running Symbian and Windows Mobile."

Trend Micro has told Microsoft about the problems and has not publicly shared the vulnerability details. Thiemann said: "The sky isn't falling. Nobody out there is aware of this." The company doesn't expect any imminent attacks exploiting the problems, he said.

Microsoft is aware of the issues and is investigating them, according to a company representative. If needed, the software maker will provide an update to hardware makers for distribution to people who use the Windows Mobile devices, it said. The problems affect Windows Mobile 2003 and Windows Mobile 5.0, according to Trend Micro.

While the number of threats to phones today is low, security experts and analysts agree the situation is likely to change with the advent of smart phones running common operating systems. Security companies, including Trend Micro, are hawking software to shield phones against possible attacks.

In addition to the Windows Mobile issues, Microsoft is also investigating a report of yet another vulnerability in Word. Symantec and the French Security Incident Response Team, or FrSirt, say they have spotted a fifth zero-day flaw in the word-processing application. Microsoft, however, said the problem is previously known.

A company representative said: "Microsoft's initial investigation shows that this is not a new vulnerability but a duplicate of an already known public issue."

The newest problem allows an attacker to hijack systems running Word 2003, Symantec said in an alert. The company has advised people to make sure their security software is up to date and urges caution when opening Word documents.

Joris Evers writes for CNET News.com