A bug in Motorola's RAZR firmware could allow a malformed JPG file sent over MMS to overflow the stack, theoretically making it able to execute arbitrary code.

The exploit is hypothetical, and would be very hard to abuse, but it's still a serious enough prospect for Motorola to issue a fixed firmware download – even if it's taken them the best part of a year to do so.

The problem is in the EXIF parser, which extracts additional data from a JPG file when it's received. Exchangable Image File Format is a set of tags that can be embedded in image files, such as the location where the image was taken or the camera used to take it.

The problem was reported to the TippingPoint Zero Day Initiative back in October last year, and they informed Motorola at the time but kept the details to themselves until a fix was available. ®

Related stories

• So what's the easiest box to hack - Vista, Ubuntu or OS X? (19 March 2008)
• Reins put on key Vista SP1 update as Microhoo! is released into the wild (22 February 2008)
• Daft users and insecure web apps dominate threat index (27 November 2007)
• Exploit broker aims marketing machine at Unix app crack (17 November 2007)
• Security vuln auction site pulls in research (12 October 2007)
• Experts fret over credit card compliance (27 September 2007)
• Linkedin spurns bug bounty hunter (31 July 2007)
• Zero-day sales not 'fair' - to researchers (3 June 2007)