[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256040

 
 

909

 
 

199103

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-8609Date: (C)2014-12-22   (M)2023-12-22


The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://seclists.org/fulldisclosure/2014/Nov/81
http://packetstormsecurity.com/files/129281/Android-Settings-Pendingintent-Leak.html
http://xteam.baidu.com/?p=158
https://android.googlesource.com/platform/packages/apps/Settings/+/f5d3e74ecc2b973941d8adbe40c6b23094b5abb7

CPE    17
cpe:/o:google:android:4.4.1
cpe:/o:google:android:4.2.2
cpe:/o:google:android:4.0.4
cpe:/o:google:android:4.3.1
...
CWE    1
CWE-264

© SecPod Technologies