Denial of Service Vulnerability in Nokia Web Browser
CVE-2009-0649

Currently unrated

Key Information:

Vendor: Nokia
Status: N95; Symbian S60 Browser
Vendor: CVE Published:; 20 February 2009

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-0649?

The web browser on the Nokia N95, powered by Symbian OS, is susceptible to a denial of service vulnerability. This issue occurs when an attacker utilizes specially crafted JavaScript code that invokes the setAttributeNode method. When executed, this code can lead to a crash of the web browser, effectively rendering it inoperable. The flaw highlights significant concerns in handling JavaScript within mobile web browsers, necessitating robust security measures for users to prevent exploitation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-0649 - Proof of Concept

References

https://www.exploit-db.com/exploits/8051

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/33767

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/500954/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 20, 2009
👾
Exploit known to exist
Feb 20, 2009
Vulnerability published
Feb 20, 2009
Vulnerability Reserved
Feb 20, 2009

CVE-2009-0649 Data

JSON