Original URL: http://www.theregister.co.uk/2008/05/28/razr_security_jpg/

JPG hole cuts RAZR open

Motorola handset vulnerable

By Bill Ray

Posted in Mobile, 28th May 2008 11:54 GMT

A bug in Motorola's RAZR firmware could allow a malformed JPG file sent over MMS to overflow the stack, theoretically making it able to execute arbitrary code.

The exploit is hypothetical, and would be very hard to abuse, but it's still a serious enough prospect for Motorola to issue a fixed firmware download – even if it's taken them the best part of a year to do so.

The problem is in the EXIF parser, which extracts additional data from a JPG file when it's received. Exchangable Image File Format is a set of tags that can be embedded in image files, such as the location where the image was taken or the camera used to take it.

The problem was reported to the TippingPoint Zero Day Initiative back in October last year, and they informed Motorola at the time but kept the details to themselves until a fix was available. ®