Wednesday, May 28, 2008 7:00 PM
cmosby
Motorola RAZR JPEG Processing Buffer Overflow - Secunia
Motorola RAZR JPEG Processing Buffer Overflow
Secunia Advisory:
SA30409
Release Date:
2008-05-28
Critical:
Highly critical
Impact:
System access
Where:
From remote
Solution Status:
Vendor Patch
OS:
Motorola RAZR
Description:
A vulnerability has been reported in Motorola RAZR, which can be exploited by malicious people to compromise a vulnerable device.
The vulnerability is caused due to a boundary error in the JPEG thumbprint component. This can be exploited to cause a stack-based buffer overflow via a specially crafted JPEG image sent via MMS. Successful exploitation allows execution of arbitrary code, but requires that the user accepts the malicious image.
Solution:
The vendor recommends updating to the latest firmware version. Please contact the vendor for more information.
Provided and/or discovered by:
Discovered by an anonymous researcher, reported via ZDI.
Original Advisory:
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-033/
Filed under: Security and Anti-Virus, Internet Hacks, Mobile\Wireless, Software Vulnerabilites