Overview
The Research in Motion (RIM) BlackBerry Handheld web browser is vulnerable to a denial of service via a specially crafted Java Application Description (JAD) file.
Description
The BlackBerry Handheld web browser does not properly handle malformed JAD files. JAD files in J2ME are used to describe Java applications (icons, size, description, vendor, platform requirements, etc.) to the BlackBerry Handheld. From RIM Technical Knowledge Center article KB-04755: If the JAD file is formatted to contain a long application name and vendor string (i.e., 256 or more characters) to your BlackBerry device, the browser appears to stop responding.
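A check for the condition described above, as an added example that is not part of the original advisory or RIM's code: it parses a JAD descriptor and reports name or vendor values of 256 or more characters. It assumes the "application name" and "vendor string" are the standard `MIDlet-Name` and `MIDlet-Vendor` descriptor attributes and flags either one on its own; the function names and sample descriptors are constructed for illustration.

```python
# Added example: screen a JAD descriptor for the condition in the advisory.
# Assumption: "application name" and "vendor string" map to the standard
# MIDlet-Name and MIDlet-Vendor descriptor attributes.
LIMIT = 256  # advisory wording: "256 or more characters"
CHECKED_ATTRS = ("MIDlet-Name", "MIDlet-Vendor")


def parse_jad(text):
    """Parse 'Name: value' descriptor lines into a list of (name, value).

    A list is kept rather than a dict so that duplicate attributes are all
    checked instead of the last one silently winning.
    """
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue  # blank or malformed line: nothing to measure
        name, _, value = line.partition(":")  # split at the first colon only
        pairs.append((name.strip(), value.strip()))
    return pairs


def oversized_attributes(text, limit=LIMIT):
    """Return [(attribute, length)] for checked attributes at or over limit."""
    findings = []
    for name, value in parse_jad(text):
        for attr in CHECKED_ATTRS:
            # Case-insensitive match so a variant spelling is not missed.
            if name.lower() == attr.lower() and len(value) >= limit:
                findings.append((attr, len(value)))
    return findings


# Constructed sample descriptors (not taken from the advisory).
BENIGN_JAD = """MIDlet-Name: Example App
MIDlet-Vendor: Example Vendor
MIDlet-Version: 1.0.0
MIDlet-Jar-URL: example.jar
MIDlet-Jar-Size: 1024
"""
SUSPECT_JAD = BENIGN_JAD.replace("Example App", "N" * 256).replace(
    "Example Vendor", "V" * 300)

if __name__ == "__main__":
    for label, jad in (("benign", BENIGN_JAD), ("suspect", SUSPECT_JAD)):
        print(label, oversized_attributes(jad))
```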
Impact
By convincing a user to access a specially crafted JAD file, an unauthenticated, remote attacker could cause the browser to hang.
Solution
Upgrade
According to RIM Technical Knowledge Center article KB-04755: "Install BlackBerry Device Software 4.0.2 or later. To obtain the most recent version of the device software, contact your service provider."
Acknowledgements
This vulnerability was reported by FX of Phenoelit. Thanks to RIM for information used in this document.
This document was written by Art Manion.
Other Information
CVE IDs: CVE-2005-2343
Severity Metric: 2.46
Date Public: 2005-12-27
Date First Published: 2005-12-31
Date Last Updated: 2005-12-31 08:31 UTC
Document Revision: 12