Vulnerability Note VU#829400
Research in Motion (RIM) BlackBerry Handheld web browser does not properly handle Java Application Description (JAD) files
The Research in Motion (RIM) BlackBerry Handheld web browser is vulnerable to a denial of service via a specially crafted Java Application Description (JAD) file.
The BlackBerry Handheld web browser does not properly handle malformed JAD files. JAD files in J2ME are used to describe Java applications (icons, size, description, vendor, platform requirements, etc.) to the BlackBerry Handheld. From RIM Technical Knowledge Center article KB-04755:
If the JAD file is formatted to contain a long application name and vendor string (i.e., 256 or more characters) to your BlackBerry device, the browser appears to stop responding.
By convincing a user to access a specially crafted JAD file, an unauthenticated, remote attacker could cause the browser to hang.
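A gateway or content filter can apply the length condition from KB-04755 to a descriptor before it reaches the handheld. The following is an added example, not code from RIM or CERT: the function names are hypothetical, it assumes the "application name" and "vendor string" are the standard JAD attributes MIDlet-Name and MIDlet-Vendor, and it flags either one at 256 or more characters, which is a conservative reading of the article.

```python
# Added example: flag JAD descriptors whose name/vendor values reach the
# length RIM KB-04755 associates with the browser hang (256 or more characters).
LIMIT = 256  # threshold quoted on this page
# Assumption: "application name" and "vendor string" map to the standard
# JAD attributes MIDlet-Name and MIDlet-Vendor.
CHECKED = ("MIDlet-Name", "MIDlet-Vendor")


def parse_jad(text):
    """Parse 'Name: value' descriptor lines into a dict (last value wins)."""
    attrs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue  # blank or malformed line: nothing to measure
        # Split on the first colon only, so values such as URLs stay intact.
        name, _, value = line.partition(":")
        attrs[name.strip()] = value.strip()
    return attrs


def oversized_attributes(text, limit=LIMIT, checked=CHECKED):
    """Return {attribute: length} for checked attributes with len >= limit."""
    attrs = parse_jad(text)
    # Compare names case-insensitively so odd capitalisation is still caught.
    wanted = {c.lower() for c in checked}
    return {k: len(v) for k, v in attrs.items()
            if k.lower() in wanted and len(v) >= limit}


def should_block(text):
    """Gateway decision: True when the descriptor should not be delivered."""
    return bool(oversized_attributes(text))


# Constructed sample descriptors (not taken from the advisory).
BENIGN_JAD = """MIDlet-Name: Example App
MIDlet-Vendor: Example Vendor
MIDlet-Version: 1.0
MIDlet-Jar-URL: http://example.invalid/example.jar
MIDlet-Jar-Size: 1024
"""
LONG_JAD = BENIGN_JAD.replace("Example Vendor", "V" * LIMIT)

if __name__ == "__main__":
    for label, jad in (("benign", BENIGN_JAD), ("long vendor", LONG_JAD)):
        print(label, should_block(jad), oversized_attributes(jad))
```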
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Research in Motion (RIM) | Affected | - | 31 Dec 2005 |
This vulnerability was reported by FX of Phenoelit. Thanks to RIM for information used in this document.
This document was written by Art Manion.
- CVE IDs: CAN-2005-2343
- Date Public: 27 Dec 2005
- Date First Published: 31 Dec 2005
- Date Last Updated: 31 Dec 2005
- Severity Metric: 2.46
- Document Revision: 8