===============================================================
Model:              LG U8120 (other LG phones maybe vulnerable)
Auth:               http://www.lge.com
Vulnerability Type: Remote Denial Of Service
--



Disclaimer:
==========

The information is provided "as is" without warranty of any kind.
The author of this issue shall not be held liable for any
damages due to the informations contained in this advisory.



Vulnerability Description:
=========================


A vulnerability in LG U8120 Mobile Phone has been discovered.
A specially crafted midi file can be used to perform a 
denial of service attack against the device. 
Playing the malicious midi will cause the mobile phone 
to crash.



There are other vulnerable models?:
==================================

I think that other LG mobile phones are vulnerable 
to this attack, specially mobile phone with bluetooth 
features, like:

- LG G1610
- LG U8200
- LG U8210
- LG M4300

But i've not tested this flaw on those models.



Exploit:
========


www.lucaercoli.it/LG/lgfreeze.mid



How to exploit the vulnerability:
================================


In order to exploit the mentionated vulnerability, 
an attacker must send the midi file via mms to 
vulnerable device.


To perform the attack from LG U8120:
(WARNING: DOING THIS OPERATIONS YOU CAN BLOCK YOUR DEVICE!
          TO RESET IT USE THIS CODE:  277634#*#)

1- Save a mms draft with a dummy midi file
2- Connect mobile phone to PC and overwrite the dummy file with 'lgfreeze.mid'.
3- Send the mms draft.











credits:
-- 
Luca Ercoli    <io [at] lucaercoli.it>
    www.lucaercoli.it