Denial of Service Vulnerability in Palm Pre WebOS 1.1 by Palm
CVE-2009-5098

Currently unrated

Key Information:

Vendor: HP
Status: Palm Pre Webos
Vendor: CVE Published:; 13 September 2011

Summary

A vulnerability has been identified in the LunaSysMgr process of Palm Pre WebOS 1.1 and earlier versions that can be exploited by remote attackers to cause a denial of service. This occurs when the device is not displaying web pages in landscape mode. An attacker can leverage this vulnerability by sending a specially crafted web page containing a long string after a refresh tag, which triggers a floating point exception and leads to the crashing of the application.

References

http://www.securityfocus.com/archive/1/507126/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/so...

x_refsource_CONFIRM

http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-ve...

x_refsource_MISC

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 13, 2011
Vulnerability Reserved
Sep 13, 2011