CVE-2008-5825

Name of the Vulnerable Software and Affected Versions Nokia 6131 Near Field Communication (NFC) phone with firmware version 05.12

Description The issue concerns the SmartPoster implementation, which does not properly display the URI record when the Title record contains a specific combination of space, CR (aka r), and . (dot) characters. This allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag. Examples of exploitation include loading an http: URI for a malicious web site, a tel: URI for a premium-rate telephone number, and an sms: URI that triggers the purchase of a ringtone.

Recommendations For Nokia 6131 Near Field Communication (NFC) phone with firmware version 05.12, consider disabling the SmartPoster feature until a patch is available to prevent exploitation. Restrict access to crafted NDEF tags to minimize the risk of loading arbitrary URIs. Avoid using the phone's NFC functionality with untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.