Easy Ringtone Maker Vulnerable to Attacks

The mobile phone tends to become a must have product because it allows us to communicate with other persons wherever we are. There are a lot of mobile phones producers that develop more or less attractive phones with high-tech functions such as video camera, 3G or even operating systems. Most phones are currently offering personalization features that help you customize your handheld device by changing the operator logo, the wallpaper or even the ringtone. This last aspect is very important for many phone owners because they can know easier when their phone rings by applying a personal melody.

One of the most used applications that allow you to modify the ringtone of your handheld device is Easy Ringtone Maker that imports almost any format of audio sound from your computer (MP3, WAV or WMA) and converts it into an extension for the mobile phone. The program only requires an US Cell Phone Carrier with $1.99 data transfer fee to phone.

If you are a user of this application, you should know that security company Secunia identified a highly critical security flaw in Easy Ringtone Maker that can be used by an attacker to compromise a vulnerable system. The firm said that while the issue was identified only in Easy Ringtone Maker 2.0.5, other versions of the tool might be affected too.

"Secunia Research has discovered a vulnerability in Easy Ringtone Maker, which can be exploited by malicious people to compromise a user's system. The vulnerability is confirmed in version 2.0.5. Other versions may also be affected," Secunia said.

Although you may not like the solution provided by Secunia's employee Carsten Eiram, he considers that you should use another product or try to fix the issue by setting the kill-bit for the ActiveX control.

Easy Ringtone Maker version 2.0.4 was also tested by Softpedia and it is available as a free download on this link.