When Microsoft patches a security problem in IE, they generally don't make fix for Windows Mobile. Some security problems, such as address spoofing and cross-domain scripting etc, they are not naturally eliminated by lower-level changes ... a different operating system, another cpu arch, address space layout randomization, non-executable stack, etc. A patch would be necessary for rectification or the problem remains. For pentesters I suggest maybe it's worthwhile to try a little muscle against IE on mobile devices. LIU DIE YU 12 JUL 2007
