The Research in Motion (RIM) BlackBerry Handheld web browser is vulnerable to a denial of service via a specially crafted Java Application Description (JAD) file.
The BlackBerry Handheld web browser does not properly handle malformed JAD files. JAD files in J2ME are used to describe Java applications (icons, size, description, vendor, platform requirements, etc.) to the BlackBerry Handheld. From RIM Technical Knowledge Center article KB-04755:
"If the JAD file is formatted to contain a long application name and vendor string (i.e., 256 or more characters) to your BlackBerry device, the browser appears to stop responding."
By convincing a user to access a specially crafted JAD file, an unauthenticated, remote attacker could cause the browser to hang.
According to RIM Technical Knowledge Center article KB-04755: "Install BlackBerry Device Software 4.0.2 or later. To obtain the most recent version of the device software, contact your service provider."
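A check for the condition described above, as an added example that is not part of the original note or of RIM's article: it scans a JAD descriptor and reports application name and vendor values of 256 or more characters. It assumes those fields are the standard J2ME `MIDlet-Name` and `MIDlet-Vendor` attributes; the function names and sample descriptors are constructed for illustration.

```python
"""Flag JAD descriptors whose name or vendor value is 256+ characters."""

# Assumption: the "application name and vendor string" in KB-04755 correspond
# to the standard J2ME descriptor attributes MIDlet-Name and MIDlet-Vendor.
CHECKED = {name.lower(): name for name in ("MIDlet-Name", "MIDlet-Vendor")}
MAX_SAFE_LENGTH = 255  # the note reports a hang at 256 or more characters


def iter_attributes(text):
    """Yield (name, value) pairs from 'Name: value' descriptor lines."""
    if isinstance(text, bytes):
        # Undecodable bytes become one replacement character each.
        text = text.decode("utf-8", errors="replace")
    for raw_line in text.splitlines():
        name, sep, value = raw_line.partition(":")  # split on first colon only
        if not sep:
            continue  # blank or malformed line: nothing to measure
        yield name.strip(), value.strip()


def find_oversized_fields(text, limit=MAX_SAFE_LENGTH):
    """Return {attribute: longest value length} for values over the limit.

    Either field alone is reported (conservative), names are matched
    case-insensitively, and repeated attributes are all inspected.
    """
    findings = {}
    for name, value in iter_attributes(text):
        canonical = CHECKED.get(name.lower())
        if canonical and len(value) > limit:
            findings[canonical] = max(len(value), findings.get(canonical, 0))
    return findings


# Constructed sample descriptors (not taken from any real application).
SAMPLE_OK = (
    "MIDlet-Name: Example App\n"
    "MIDlet-Vendor: Example Vendor\n"
    "MIDlet-Version: 1.0\n"
    "MIDlet-Jar-URL: http://example.invalid/app.jar\n"
)
SAMPLE_LONG = (
    "MIDlet-Name: " + "A" * 256 + "\n"
    "MIDlet-Vendor: " + "B" * 300 + "\n"
    "MIDlet-Version: 1.0\n"
)

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("long", SAMPLE_LONG)):
        print(label, find_oversized_fields(sample) or "no oversized fields")
```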
This vulnerability was reported by FX of Phenoelit. Thanks to RIM for information used in this document.
This document was written by Art Manion.
Date First Published: 2005-12-31
Date Last Updated: 2005-12-31 08:31 UTC