It’s not enough that Internet Explorer is patched nearly every month. Now, Airscanner has revealed that Pocket Internet Explorer (PIE) is also vulnerable and can be exploited to compromise sensitive data such as usernames and passwords.
The potential for exploiting these vulnerabilities are restricted only by an attacker’s imagination. However, Pocket IE is not as powerful as its big brother, and as such, an attacker is limited in what techniques she can use to launch the attack. For example, Pocket IE has no support for the IFrame tag, which is extremely useful in XSS and browser-based attacks. In addition, Pocket IE does not support every JavaScript command commonly used by attackers.
Airscanner describes 3 flaws: A Unicode URL Obsfucation flaw, a flaw where certain local files can be opened to reveal sensitive local information (example, opening up an ini file), the third, involving possible XSS using a <div> tag, is not strictly a flaw but can be exploited to again compromise data.
Airscanner has notified Microsoft.