JPG hole cuts RAZR open | The Register

Skip to content

Comms:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Solution Brief: Reduce Energy Costs
With Green IT Solutions
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
The Perfect (Virtual) Marriage
Deduplication and VMware
Gartner Report: How IT Management Can "Green" the Data Center
Establishing energy efficiency
Server Consolidation and Containment
With Virtual Infrastructure
Enabling the Data Center Metamorphosis
From Fixed To Fluid

The Register » Comms » Mobile »

JPG hole cuts RAZR open

Motorola handset vulnerable

By Bill Ray → More by this author

Published Wednesday 28th May 2008 11:54 GMT

Gartner Report: How IT Management Can "Green" the Data Center - Free Download

A bug in Motorola's RAZR firmware could allow a malformed JPG file sent over MMS to overflow the stack, theoretically making it able to execute arbitrary code.

The exploit is hypothetical, and would be very hard to abuse, but it's still a serious enough prospect for Motorola to issue a fixed firmware download – even if it's taken them the best part of a year to do so.

The problem is in the EXIF parser, which extracts additional data from a JPG file when it's received. Exchangable Image File Format is a set of tags that can be embedded in image files, such as the location where the image was taken or the camera used to take it.

The problem was reported to the TippingPoint Zero Day Initiative back in October last year, and they informed Motorola at the time but kept the details to themselves until a fix was available. ®

Free whitepaper: Enabling the Data Center Metamorphosis. From Fixed To Fluid

15 comments posted — Comment period finished

V3

Posted: 14:23 28th May 2008

Ah typical Motorola

Posted: 14:46 28th May 2008

UK Software update link

Posted: 15:15 28th May 2008

Oh no!

Posted: 17:31 28th May 2008

Eh?

Posted: 18:44 28th May 2008

More comments…

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

So what's the easiest box to hack - Vista, Ubuntu or OS X? (19 March 2008)
Reins put on key Vista SP1 update as Microhoo! is released into the wild (22 February 2008)
Daft users and insecure web apps dominate threat index (27 November 2007)
Exploit broker aims marketing machine at Unix app crack (17 November 2007)
Security vuln auction site pulls in research (12 October 2007)
Experts fret over credit card compliance (27 September 2007)
Linkedin spurns bug bounty hunter (31 July 2007)
Zero-day sales not 'fair' - to researchers (3 June 2007)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

Solution Brief: Reduce Energy Costs

Energy consumption has become a big issue. Dramatically increase server utilization and significantly reduce energy costs through Virtualization..

whitepaper title

Making Green IT a Reality

Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers.

Whitepapers	Jobs
Strategies for Deploying Blade Servers in Existing Data Centers [WP125] Eliminating the Security Risk of Sending Confidential Information by Email Getting The Package Right SSL in High-Security Browsers	Trading Floor Support Experienced Lead Perl developer for SF startup Perl Principal Scientific Software Developer Consultant Perl Developer Contract Perl Developer

Top 20 stories • All The Week’s Headlines • Archive • Search