Date: Fri, 13 Jul 2007 23:10:59 +0800
From: "LIUDIEYU dot COM" <liudieyu.com@gmail.com.>
To: Securityfocus <bugtraq@securityfocus.com.>
Subject: No Patch for IE on Windows Mobile/CE
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Virus-Scanned: antivirus-gw at tyumen.ru
When Microsoft patches a security problem in IE, they generally don't
make fix for Windows Mobile. Some security problems, such as address
spoofing and cross-domain scripting etc, they are not naturally
eliminated by lower-level changes ... a different operating system,
another cpu arch, address space layout randomization, non-executable
stack, etc. A patch would be necessary for rectification or the
problem remains.
For pentesters I suggest maybe it's worthwhile to try a little muscle
against IE on mobile devices.
LIU DIE YU
12 JUL 2007
