Nokia Intellisync Mobile Suite vulnerability

May 9, 2007 16:21 GMT

Nokia's software suite, which is meant to establish connectivity between Nokia mobile phones and computers, contains a security flaw that can allow an attacker to control an affected system. According to an advisory released by security company Secunia, the vulnerability can be exploited through cross-site scripting attacks or Denial of Service attempts. The versions listed as affected are 6.4.31.2, 6.6.0.107, and 6.6.2.2, but other releases might also be vulnerable to attacks.

"Missing authentication checks within certain ASP scripts (e.g. userList.asp, userStatusList.asp) can be exploited to modify or gain knowledge of certain user details, or to disable user accounts. Certain input passed to de/pda/dev_logon.asp, usrmgr/registerAccount.asp, and de/create_account.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site," Secunia stated in the security advisory.

Although there is no official solution that prevents exploitation of the flaw, Secunia encourages users to update the suite to the latest version released by the mobile phone producer.

Recently, the security of our computers has been increasingly threatened by flaws discovered in all types of applications installed on them. For example, the security company Secunia reported in the past that the Winamp audio player is also vulnerable to attacks due to a flaw discovered in its engine. Some time ago, compression tools used to create archives and extract files from them were also the subject of security advisories. At that time, it was reported that WinZip contained several vulnerabilities that can allow an intruder to connect to an affected system.