QwikSec

Security Database

CVE

CWE

Training

CVE-2008-5825

Published: Jan 2, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf

x_refsource_MISC

vdb-entry

x_refsource_BID

http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt

x_refsource_MISC

http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf

x_refsource_MISC

http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html

x_refsource_MISC

nokia-6131-ndef-uri-spoofing(44527)

vdb-entry

x_refsource_XF

20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory

mailing-list

x_refsource_BUGTRAQ

http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf

x_refsource_MISC

20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.