Results 1 to 3 of 3
  1. #1
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003

    RAZR MMS Vulnerability

    Thought this was interesting because I once owned one and it goes to show that even the lowly cell phone can be a target. The venerable Motorola RAZR can fall prey to an MMS message containing a malicious JPG.

    Zero Day Initiative has the details:

    Motorola RAZR JPG Processing Stack Overflow Vulnerability

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS.

    The specific flaw exists in the JPEG thumbprint component of the EXIF parser. A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.
    Short and sweet. Motorola has information on how to update the phone's firmware, but unless you blindly accept MMS images, the likelihood of getting infected are nil.

    [via Engadget]

  2. #2
    Senior Member wolfman1984's Avatar
    Join Date
    Aug 2007
    The Wolfman thinks a lot people will blindly accept an MMS image. Curiosity sometimes out-weighs common sense.

    Does anyone know if this vulnerability is actively being exploited? Has an exploit been released?
    The Wolfman's Homepage: http://www.fangtastic.org
    Do you dig the Wolfman?? Sign his Ghoulbook or listen to him Howl

  3. #3
    Senior Member isildur's Avatar
    Join Date
    Feb 2003
    Wolfie is right. The average person on the street would probably never even consider that this is even a vulnerability (hell most of them will open anything sent to them on their PC still much less their phone). There would be the overriding incentive that they could get to look at somethin' nekked.
    Only trust Pipe-smoking Penguins.

Similar Threads

  1. Browser Security Test
    By therenegade in forum Web Security
    Replies: 13
    Last Post: April 1st, 2005, 08:03 AM
  2. October MS updates
    By mohaughn in forum Microsoft Security Discussions
    Replies: 2
    Last Post: October 13th, 2004, 04:31 AM
  3. Securing Windows 2000 and IIS
    By spools.exe in forum Microsoft Security Discussions
    Replies: 0
    Last Post: September 15th, 2003, 09:47 PM
  4. NEWS: SANS Critical Vulnerability Report
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: January 28th, 2003, 08:12 PM
  5. IIS Patch announcement
    By souleman in forum Microsoft Security Discussions
    Replies: 5
    Last Post: April 11th, 2002, 11:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.