Search...

Palm Pre WebOS 1.0.4 Remote execution of arbitrary HTML code vulnerability

2009-08-09T00:00:00

ID SECURITYVULNS:DOC:22286
Type securityvulns
Reporter Securityvulns
Modified 2009-08-09T00:00:00

Description

I. Description

The Palm Pre WebOS version 1.0.4 and below allows a remote attacker to execute arbitrary HTML code on the phone via certain applications. The affected applications involve the native email client via the notifications system as well as the native calendar application.

The vendor has been contacted and a patch has been released:

WebOS 1.1 - http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#11

II. Impact

Email Notification System:

A remote attacker is able to construct a malicious email that will cause the Palm Pre WebOS to execute arbitrary HTML code if the notification system is enabled. Upon receiving a malicious email where the FROM field contains HTML code, the Palm Pre WebOS will issue a user a notification that an email has arrived and execute the HTML code of the attacker’s choice. This vulnerability does not require user interaction.

Calendar Application:

A remote attacker can create a malicious calendar event putting arbitrary HTML code inside the event/title field that can be executed without user interaction. To trigger this vulnerability, any of the following conditions can occur:

The victim Views the Calendar event and the malicious HTML will be executed.

The victim enables a reminder notice for the malicious calendar event, upon being notified of the reminder, the malicious HTML code will be executed.

The calendar event triggers and the malicious HTML code will be executed.

In cases where calendar events can be sent to users without interaction/acceptance, the risk of this vulnerability is higher.

III. Proof of Concept

The following HTML code can be used to provide a proof of concept for each of the vulnerabilities listed in this advisory:

"Test <META http-equiv="refresh" content="1;URL=http://www.google.com">"

IV. About

This vulnerability was discovered by Townsend Ladd Harris PalmPreHacker[at]gmail.com

Details of this vulnerability can be found at: http://tlhsecurity.blogspot.com/2009/08/palm-pre-webos-104-remote-execution-of.html

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:22286", "bulletinFamily": "software", "title": "Palm Pre WebOS 1.0.4 Remote execution of arbitrary HTML code vulnerability", "description": "I. Description\r\n\r\nThe Palm Pre WebOS version 1.0.4 and below allows a remote attacker to execute arbitrary HTML code on\r\nthe phone via certain applications. The affected applications involve the native email client via the\r\nnotifications system as well as the native calendar application.\r\n\r\nThe vendor has been contacted and a patch has been released:\r\n\r\nWebOS 1.1 - http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#11\r\n\r\nII. Impact\r\n\r\nEmail Notification System:\r\n\r\nA remote attacker is able to construct a malicious email that will cause the Palm Pre WebOS to execute\r\narbitrary HTML code if the notification system is enabled. Upon receiving a malicious email where the\r\nFROM field contains HTML code, the Palm Pre WebOS will issue a user a notification that an email has\r\narrived and execute the HTML code of the attacker\u2019s choice. This vulnerability does not require user\r\ninteraction.\r\n\r\nCalendar Application:\r\n\r\nA remote attacker can create a malicious calendar event putting arbitrary HTML code inside the\r\nevent/title field that can be executed without user interaction. To trigger this vulnerability, any of\r\nthe following conditions can occur:\r\n\r\n1. The victim Views the Calendar event and the malicious HTML will be executed.\r\n2. The victim enables a reminder notice for the malicious calendar event, upon being notified of the\r\nreminder, the\r\n malicious HTML code will be executed.\r\n3. The calendar event triggers and the malicious HTML code will be executed.\r\n\r\nIn cases where calendar events can be sent to users without interaction/acceptance, the risk of this\r\nvulnerability is higher.\r\n\r\nIII. Proof of Concept\r\n\r\nThe following HTML code can be used to provide a proof of concept for each of the vulnerabilities\r\nlisted in this advisory:\r\n\r\n"Test <META http-equiv="refresh" content="1;URL=http://www.google.com">"\r\n\r\nIV. About\r\n\r\nThis vulnerability was discovered by Townsend Ladd Harris PalmPreHacker[at]gmail.com\r\n\r\nDetails of this vulnerability can be found at:\r\nhttp://tlhsecurity.blogspot.com/2009/08/palm-pre-webos-104-remote-execution-of.html", "published": "2009-08-09T00:00:00", "modified": "2009-08-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22286", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:31", "edition": 1, "viewCount": 13, "enchantments": {"score": {"value": 2.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10133"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10133"]}]}, "exploitation": null, "vulnersScore": 2.6}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645632706}}