Wednesday, May 28, 2008

Motorola RAZR JPG Processing Stack Overflow

This vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS.

The specific flaw exists in the JPEG thumbprint component of the EXIF parser. A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.

http://www.zerodayinitiative.com/advisories/ZDI-08-033/

----------------------

Check out Nate's writeup on ZDNet as well.

I don't know about other AT&T Razr users but in the past I have had a very very hard time finding software updates for my phone. Basically, I haven't found any....ever.

Even when other vendors are updating their Razr phones - Verizon, T-mobile, Sprint, etc.

I won't know what AT&T's deal is..but it is not cool.

No comments:

Post a Comment