Symantec is reporting that a Windows Mobile vulnerability that uses MMS (multimedia messaging service) as a vector has been released into the wild. The vulnerability was publicly disclosed over six months but no patch is yet available. Distribution of a patch could be complicated by the fact that Windows Mobile lacks an auto-update feature and especially by the fact that there are different MMS clients available. As with most other Windows Mobile updates, it will be up to the device manufacturers to release a patch.
The new exploit is a malformed MMS message that can execute a piece of code when the viewer views the message in question.
The best way to protect yourself at this time is to only view MMS message from trusted sources.
Source: Geekzone