Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23234
HistoryFeb 16, 2010 - 12:00 a.m.

[MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service

2010-02-1600:00:00
vulners.com
38
JSON

[MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service

Details

Product: Motorola Milestone(Droid) Smartphone
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.motorola.com/
Vendor-Status: informed
Advisory-Status: published on 02-02-2010

Credits

Discovered by: David Vieira-Kurz
http://www.majorsecurity.info

Affected Products:

Motorola Milestone(Droid) smartphone Browser with following useragent:
Mozilla/5.0 (Linux; U; Android 2.0; de-de; Milestone Build/SHOLS_U2_01.03.1) AppleWebKit/530.17
(KHTML, like Gecko) Version/4.0 Mobile Safari/530.17

Original Advisory:

http://www.majorsecurity.info/index_2.php?adv=major_rls65

Introduction

The Motorola Milestone(droid) is a smartphone produced by Motorola based on the android operation
system.

More Details

A remotely exploitable vulnerability has been found in the JavaScript Engine of the MobileSafari
Browser(based on Webkit Engine) used on the Motorola Milestone(droid) smartphone.
In detail, the following flaw was determined:
The Motorola Milestone(Droid) is prone to a denial of service vulnerability when parsing certain HTML
content.
This is possible due to a failure in handling exceptional conditions.
This issue is caused by a memory corruption error when handling javascript elements,
which could be exploited by remote attackers to crash the browser by tricking a user into visiting a
specially crafted web page.
This issue can NOT be lead to remote code execution, so that the potential security risk is rated low.

The exploit has been tested on a Motorola Milestone(Droid) using following useragent:

Mozilla/5.0 (Linux; U; Android 2.0; de-de; Milestone Build/SHOLS_U2_01.03.1) AppleWebKit/530.17
(KHTML, like Gecko) Version/4.0 Mobile Safari/530.17

Proof of Concept:

<script>
var overloadtag = "<marquee>";
for(x=1;x<=9999999999999;x++){
document.write(overloadtag);
}
&lt;/script&gt;

MajorSecurity

MajorSecurity is a German penetrationtesting and security research company which focuses
on web application security. We offer professional penetrationtestings, security audits,
source code reviews and reliable proof of concepts. You will find more Information about MajorSecurity
at http://www.majorsecurity.info/
Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or
publication, in printing or otherwise, contact [email protected] for permission.
Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are
excluded. In no event shall majorsecurity and David Vieira-Kurz IT Security Services be liable for any
damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or
special damages, even if majorsecurity has been advised of the possibility of such damages. Copyright
2010 MajorSecurity and David Vieira-Kurz IT Security Services. All rights reserved. Terms of use apply.

JSON