Bugtraq mailing list archives

Re: Nokia N95-8 JPG crash


From: "Dmitry Yu. Bolkhovityanov" <D.Yu.Bolkhovityanov () inp nsk su>
Date: Tue, 10 Feb 2009 09:47:49 +0600 (NOVT)

This file crashes Nokia E90 too (*#0000# says 210.34.75, 12-04-2008, RA-6,
Nokia E90 (16)). In fact, the E90 uses exactly the same platform as the N95
(TI OMAP 2420) with the same Symbian v9.2 (S60 v3 FP1), so the crash was
predictable.

        I've tested on:

- Image browser -- by pressing [Open] in File Manager, so that the
  application crashes immediately, and File Manager barks "Unable to
  open file".

- Gallery -- begins to scan all images in phone memory and card, and
  crashes soon, obviously when it encounters nokiacrash.jpg.  So, just
  putting this file anywhere in the filesystem is Gallery DoS.

- Web Browser -- does nothing when typing file:///E:/nokiacrash.jpg, but
  crashes upon <IMG SRC=nokiacrash.jpg> in HTML file (of course,
  Settings->Page->Load Content has to be set to "Images" or "All",
  otherwise IMG tags are skipped).

        _________________________________________
          Dmitry Yu. Bolkhovityanov
          The Budker Institute of Nuclear Physics
          Novosibirsk, Russia


On Sun, 7 Feb 2009, jplopezy () gmail com wrote:

Application: Nokia N95-8
OS: Symbian
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT

------------------------------------------------------
Description


The Nokia N95 is a smartphone; this phone has more tools, for example:
GPS, MP3, camera, wireless.

:)

------------------------------------------------------
Vulnerability

The vulnerability is caused when opening a specially modified JPG file.
This bug causes a crash in the browser or in the application with which it
is opened, for example "image editor" or Multimedia Messaging System.

------------------------------------------------------
POC/EXPLOIT

You can open this URL with the browser or send an MMS with this image.

http://es.geocities.com/jplopezy/nokiacrash.jpg

------------------------------------------------------
Juan Pablo Lopez Yacubian


