CVE-2008-2548

Current Description

Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption.

Basic Data

PublishedJune 04, 2008
Last ModifiedOctober 11, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score9.3
SeverityHIGH
Exploitability Score8.6
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMotorolaRazr********

Vulnerable Software List

VendorProductVersions
Motorola Razr *

References

NameSourceURLTags
30409http://secunia.com/advisories/30409SECUNIA
20080527 ZDI-08-033: Motorola RAZR JPG Processing Stack Overflow Vulnerabilityhttp://www.securityfocus.com/archive/1/492668/100/0/threadedBUGTRAQ
1020117http://www.securitytracker.com/id?1020117SECTRACK
ADV-2008-1671http://www.vupen.com/english/advisories/2008/1671/referencesVUPEN
http://www.zerodayinitiative.com/advisories/ZDI-08-033/http://www.zerodayinitiative.com/advisories/ZDI-08-033/MISC
razr-jpeg-bo(42656)https://exchange.xforce.ibmcloud.com/vulnerabilities/42656XF