LG U8120 Mobile Phone MIDI File Remote Denial Of Service Vulnerability
BID:13154
Info
LG U8120 Mobile Phone MIDI File Remote Denial Of Service Vulnerability
| Bugtraq ID: | 13154 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2005 12:00AM |
| Updated: | Apr 13 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Luca Ercoli <[email protected]>. |
| Vulnerable: |
LG U8210 LG U8200 LG U8120 LG M4300 |
| Not Vulnerable: | |
Discussion
LG U8120 Mobile Phone MIDI File Remote Denial Of Service Vulnerability
A remote denial of service vulnerability is reported to affect the LG U8120 Mobile Phone. The report indicates that the issue manifests when an affected phone processes a malicious MIDI file.
A remote denial of service vulnerability is reported to affect the LG U8120 Mobile Phone. The report indicates that the issue manifests when an affected phone processes a malicious MIDI file.
Exploit / POC
LG U8120 Mobile Phone MIDI File Remote Denial Of Service Vulnerability
A proof of concept MIDI file is available at the following location:
www.lucaercoli.it/LG/lgfreeze.mid
The following instructions are available:
To perform the attack from LG U8120:
(WARNING: DOING THIS OPERATIONS YOU CAN BLOCK YOUR DEVICE!
TO RESET IT USE THIS CODE: 277634#*#)
1- Save a mms draft with a dummy midi file
2- Connect mobile phone to PC and overwrite the dummy file with 'lgfreeze.mid'.
3- Send the mms draft.
A proof of concept MIDI file is available at the following location:
www.lucaercoli.it/LG/lgfreeze.mid
The following instructions are available:
To perform the attack from LG U8120:
(WARNING: DOING THIS OPERATIONS YOU CAN BLOCK YOUR DEVICE!
TO RESET IT USE THIS CODE: 277634#*#)
1- Save a mms draft with a dummy midi file
2- Connect mobile phone to PC and overwrite the dummy file with 'lgfreeze.mid'.
3- Send the mms draft.
Solution / Fix
LG U8120 Mobile Phone MIDI File Remote Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
LG U8120 Mobile Phone MIDI File Remote Denial Of Service Vulnerability
References:
References:
- LG Homepage (LG)
- LG U8120 (other LG phones maybe vulnerable) (Luca Ercoli)
- LG U8120 Mobile Phone Denial of Service (Luca Ercoli