Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 02/01/2009 Updated: 08/08/2017

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 231

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote malicious users to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nokia 6131 nfc 05.12

CWE-59 http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf http://www.securityfocus.com/bid/30716 https://exchange.xforce.ibmcloud.com/vulnerabilities/44527 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-5825

Vulnerability Summary

References

Vulmon Search

About

Products

Connect