Windows Mobile MMS Exploit in the Wild
As reported by F-Secure and Symantec, an exploit was publicly disclosed at the Chaos Communication Conference on December 29th. Currently, the exploit is confirmed to work on an IPAQ 6315 and an i-mate PDA2k, although it is believed to work on any WM5 / Smartphone 2003-based device.
The vulnerability operates by exploiting issues within the SMIL language used in MMS messages, and allows for remote code execution of the attacker's choice. No information has been made available from MSRC regarding the issue at this time.
You can download the paper on the exploit here:
http://www.mulliner.org/pocketpc/feed/pocketpcmms_collinmulliner_23c3.pdf