Multiple vulnerabilities in Google Android



Published: 2017-09-05 | Updated: 2017-09-08
Risk: High
Patch available: YES
Number of vulnerabilities: 28
CVE-ID: CVE-2017-0752, CVE-2017-0753, CVE-2017-6983, CVE-2017-0755, CVE-2017-0756, CVE-2017-0757, CVE-2017-0758, CVE-2017-0759, CVE-2017-0760, CVE-2017-0761, CVE-2017-0762, CVE-2017-0763, CVE-2017-0764, CVE-2017-0765, CVE-2017-0766, CVE-2017-0767, CVE-2017-0768, CVE-2017-0771, CVE-2017-0772, CVE-2017-0773, CVE-2017-0774, CVE-2017-0775, CVE-2017-0776, CVE-2017-0777, CVE-2017-0778, CVE-2017-0779, CVE-2017-0780, CVE-2017-0784
CWE-ID: CWE-264, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Google Android (Operating systems & Components / Operating system)
Vendor: Google

Security Bulletin

This security bulletin contains information about 28 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU8169

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0752

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to improper validation of user-supplied input. A local attacker can provide a specially crafted application to gain elevated privileges and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU8170

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0753

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 7.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU8171

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6983

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Privilege escalation

EUVDB-ID: #VU8172

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0755

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file to escalate privileges.

Mitigation

The vulnerability is addressed in the following versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU8173

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0756

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU8174

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0757

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU8175

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0758

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU8176

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0759

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU8177

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0760

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU8178

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0761

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU8179

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0762

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU8180

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0763

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU8181

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0764

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU8182

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0765

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU8183

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0766

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and execute arbitrary code on the device.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Privilege escalation

EUVDB-ID: #VU8184

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0767

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file to escalate privileges.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Privilege escalation

EUVDB-ID: #VU8185

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0768

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file to escalate privileges.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU8186

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0771

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and cause the device to crash.

Mitigation

The vulnerability is addressed in the following versions: 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU8187

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0772

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and cause the device to crash.

Mitigation

The vulnerability is addressed in the following versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.1

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU8188

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0773

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and cause the device to crash.

Mitigation

The vulnerability is addressed in the following versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU8189

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0774

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and cause the device to crash.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU8190

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0775

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and cause the device to crash.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU8191

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0776

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and gain access to arbitrary files or cause the device to crash.

Mitigation

The vulnerability is addressed in the following versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU8192

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0777

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and gain access to arbitrary files or cause the device to crash.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU8193

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0778

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and gain access to arbitrary files or cause the device to crash.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Information disclosure

EUVDB-ID: #VU8194

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0779

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and gain access to arbitrary files.

Mitigation

The vulnerability is addressed in the following versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU8195

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0780

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to improper validation of user-supplied input. A remote attacker can supply a specially crafted file and cause the messages app to crash.

Mitigation

The vulnerability is addressed in the following versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

Vulnerable software versions

Google Android: 4.0 - 5.1.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Privilege escalation

EUVDB-ID: #VU8196

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0784

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass security restrictions and gain elevated privileges.

The weakness exists due to improper validation of user-supplied input. A local attacker can provide a specially crafted application to bypass user interaction requirements in order to gain access to arbitrary data.

Mitigation

The vulnerability is addressed in the following versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.

Vulnerable software versions

Google Android: 4.0 - 8.0

External links

http://source.android.com/security/bulletin/2017-09-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


