TippingPoint Zero Day Initiative
 

Motorola RAZR JPG Processing Stack Overflow Vulnerability

ZDI-08-033: May 27th, 2008

CVE ID

Affected Vendors

Affected Products

    RAZR

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS.

The specific flaw exists in the JPEG thumbprint component of the EXIF parser. A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.

Vendor Response

Motorola states:

Together, ZDI and Motorola have identified a potential vulnerability related to viewing malicious, manipulated JPEG files affecting select RAZR-series devices. Although the possibility of this vulnerability occurring is very remote and would only occur in unique circumstances, Motorola proactively corrected it in all new device releases.

To ensure that you have the latest software load available for your device, please visit:

http://direct.motorola.com/hellomoto/NSS/update_my_software.asp


Disclosure Timeline

    2007-07-10 - Vulnerability reported to vendor
    2008-05-27 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:
    Anonymous