June 6th, 2008, 03:38 PM
RAZR MMS Vulnerability
Thought this was interesting because I once owned one and it goes to show that even the lowly cell phone can be a target. The venerable Motorola RAZR can fall prey to an MMS message containing a malicious JPG.
Zero Day Initiative has the details:
Motorola RAZR JPG Processing Stack Overflow Vulnerability
Short and sweet. Motorola has information on how to update the phone's firmware, but unless you blindly accept MMS images, the likelihood of getting infected are nil.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS.
The specific flaw exists in the JPEG thumbprint component of the EXIF parser. A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.
June 6th, 2008, 05:58 PM
The Wolfman thinks a lot people will blindly accept an MMS image. Curiosity sometimes out-weighs common sense.
Does anyone know if this vulnerability is actively being exploited? Has an exploit been released?
June 6th, 2008, 06:40 PM
Wolfie is right. The average person on the street would probably never even consider that this is even a vulnerability (hell most of them will open anything sent to them on their PC still much less their phone). There would be the overriding incentive that they could get to look at somethin' nekked.
Only trust Pipe-smoking Penguins.
By therenegade in forum Web Security
Last Post: April 1st, 2005, 08:03 AM
By mohaughn in forum Microsoft Security Discussions
Last Post: October 13th, 2004, 04:31 AM
By spools.exe in forum Microsoft Security Discussions
Last Post: September 15th, 2003, 09:47 PM
By xmaddness in forum Miscellaneous Security Discussions
Last Post: January 28th, 2003, 08:12 PM
By souleman in forum Microsoft Security Discussions
Last Post: April 11th, 2002, 11:39 PM