AT+XLOG Vulnerability

Used as an injection vector in purplesn0w and older versions of ultrasn0w to unlock the X-Gold 608. Currently available in all baseband versions until 4.26.08.

Credit
Oranav

Exploit
There is a stack overflow in the AT+XLOG=1,"..." command, which allows unsigned code execution on the X-Gold 608.

at+xlog=1,"jjjjjjjjjjjjjjjjjjjjjjjjjjjj44445555PPPP" j's are junk R4 = 4 R5 = 5 PC = P

Implementation
The exploit is used in ultrasn0w and purplesn0w.