Motorola RAZR JPG Processing Stack Overflow VulnerabilityZDI-08-033: May 27th, 2008
This vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS.
The specific flaw exists in the JPEG thumbprint component of the EXIF parser. A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.
Vendor ResponseMotorola states:
Together, ZDI and Motorola have identified a potential vulnerability related to viewing malicious, manipulated JPEG files affecting select RAZR-series devices. Although the possibility of this vulnerability occurring is very remote and would only occur in unique circumstances, Motorola proactively corrected it in all new device releases.
To ensure that you have the latest software load available for your device, please visit:
2007-07-10 - Vulnerability reported to vendor
2008-05-27 - Coordinated public release of advisory
CreditThis vulnerability was discovered by: