The people at Securityteam have found a vulnerability in HotSync v. 3.04 that allows someone to crash the Palm device and potentially run arbitrary code on the device.
Only HotSync under Windows 98 is vulnerable. Windows NT is not affected. To find out if you have Network HotSync enabled, right-click on the HotSync icon on the task bar and see if Network is checked. It is not known if the version of HotSync that ships with the Handspring Visor is affected. Palm Computing is aware of the problem and will fix it with the next release of HotSync Manager.
Click here for the complete article.