I seem to recall (though can't find a reference, and Google is very mute on the topic) a talk at WAP Wednesday in 1999 on this exact topic, from some folks who went into a lot of the technical detail of how to do nasty buffer overflow things through binary SMS. It's pretty poor that, 10 years on, these exploits still exist, I suppose.
And I do like the conclusion of the article: that making firmware updates straightforward is the answer, as it'll allow vendors to patch such bugs after a handset launch. It's another win for the gentle divorce of mobile software from hardware.
P.S. Yes, it has been quiet here. No, I haven't stopped thinking.