This file crashes Nokia E90 too (*#0000# says 210.34.75,
12-04-2008, RA-6, Nokia E90 (16)). In fact, E90 uses exactly the same
platform as N95 (TI OMAP 2420) with same Symbian v9.2 (S60 v3 FP1), so the
crash was predictable.
I've tested on:
- Image browser -- by pressing [Open] in File Manager, so that the
application crashes immediately, and File Manager barking "Unable to
open file".
- Gallery -- begins to scan all images in phone memory and card, and
crashes soon, obviously when it encounters nokiacrash.jpg. So, just
putting this file anywhere in the filesystem is Gallery DoS.
- Web Browser -- does nothing when typing file:///E:/nokiacrash.jpg, but
crashes upon <IMG SRC=nokiacrash.jpg> in HTML file (of course,
Settings->Page->Load Content have to be set to "Images" or "All",
otherwise IMG tags are skipped).
_________________________________________
Dmitry Yu. Bolkhovityanov
The Budker Institute of Nuclear Physics
Novosibirsk, Russia
On Sun, 7 Feb 2009, jplopezy@xxxxxxxxx wrote:
Application: Nokia N95-8
OS: Symbian
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
The nokia n95 is a smartphone, this phone have more tools, for example:
gps,mp3,camera,wireless.
:)
------------------------------------------------------
Vulnerability
The vulnerability is caused when opening a specially modified jpg file.
This bug cause crash in the browser or in the aplication with that is open
example "image editor" or Multimedia Messaging System.
------------------------------------------------------
POC/EXPLOIT
you can open this url with the browser or send mms with this image.
http://es.geocities.com/jplopezy/nokiacrash.jpg
------------------------------------------------------
Juan Pablo Lopez Yacubian
