Multiple vulnerabilities in Google Android
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 21 |
| CVE-ID | CVE-2017-13183 CVE-2017-13208 CVE-2017-13210 CVE-2017-13209 CVE-2017-13211 CVE-2017-13199 CVE-2017-13197 CVE-2017-13196 CVE-2017-13195 CVE-2017-13193 CVE-2017-13192 CVE-2017-13191 CVE-2017-0855 CVE-2017-13184 CVE-2017-13182 CVE-2017-13181 CVE-2017-13180 CVE-2017-13179 CVE-2017-13178 CVE-2017-13177 CVE-2017-13176 |
| CWE-ID | CWE-264 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 21 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU9932
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-13183
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to insufficient privileges controls. A local attacker can use a specially crafted application, trigger an error in The Media framework component, gain system privileges and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Google Android: 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Remote code execution
EUVDB-ID: #VU9933
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-13208
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error in System components. A remote attacker can send a specially crafted file and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Google Android: 5.1.1 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Privilege escalation
EUVDB-ID: #VU9934
Risk: Low
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-13210
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error in System components. A remote attacker can gain system privileges and perform further attacks.
Install update from vendor's website.
Google Android: 5.1.1 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Privilege escalation
EUVDB-ID: #VU9935
Risk: Low
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-13209
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error in System components. A remote attacker can gain system privileges and perform further attacks.
Install update from vendor's website.
Google Android: 8.0 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Denial of service
EUVDB-ID: #VU9936
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-13211
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in System components and cause the service to crash.
Install update from vendor's website.
Google Android: 8.0
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Denial of service
EUVDB-ID: #VU9937
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-13199
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.
Install update from vendor's website.
Google Android: 8.0 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Denial of service
EUVDB-ID: #VU9938
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-13197
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.
Install update from vendor's website.
Google Android: 6.0 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Denial of service
EUVDB-ID: #VU9939
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-13196
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.
Install update from vendor's website.
Google Android: 5.1.1 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Denial of service
EUVDB-ID: #VU9940
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-13195
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.
Install update from vendor's website.
Google Android: 5.1.1 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Denial of service
EUVDB-ID: #VU9941
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-13193
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.
Install update from vendor's website.
Google Android: 5.1.1 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Denial of service
EUVDB-ID: #VU9942
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-13192
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.
Install update from vendor's website.
Google Android: 5.1.1 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Denial of service
EUVDB-ID: #VU9943
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-13191
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.
Install update from vendor's website.
Google Android: 5.1.1 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Denial of service
EUVDB-ID: #VU9944
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-0855
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.
Install update from vendor's website.
Google Android: 5.1.1 - 8.0
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Privilege escalation
EUVDB-ID: #VU9945
Risk: Low
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-13184
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error in the Media framework component. A remote attacker can gain system privileges and perform further attacks.
Install update from vendor's website.
Google Android: 8.0 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Privilege escalation
EUVDB-ID: #VU9946
Risk: Low
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-13182
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error in the Media framework component. A remote attacker can gain system privileges and perform further attacks.
Install update from vendor's website.
Google Android: 8.0 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Privilege escalation
EUVDB-ID: #VU9947
Risk: Low
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-13181
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error in the Media framework component. A remote attacker can gain system privileges and perform further attacks.
Install update from vendor's website.
Google Android: 7.0 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Privilege escalation
EUVDB-ID: #VU9948
Risk: Low
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-13180
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error in the Media framework component. A remote attacker can gain system privileges and perform further attacks.
Install update from vendor's website.
Google Android: 6.0 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Remote code execution
EUVDB-ID: #VU9949
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-13179
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error in the Media framework component. A remote attacker can send a specially crafted file and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Google Android: 6.0.1 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Remote code execution
EUVDB-ID: #VU9950
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-13178
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error in the Media framework component. A remote attacker can send a specially crafted file and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Google Android: 6.0.1 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Remote code execution
EUVDB-ID: #VU9951
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-13177
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error in Media framework component. A remote attacker can send a specially crafted file and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Google Android: 5.1.1 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Privilege escalation
EUVDB-ID: #VU9931
Risk: Low
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-13176
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error in the Android runtime component. A remote attacker can gain system privileges and perform further attacks.
Install update from vendor's website.
Google Android: 5.1.1 - 8.1
CPE2.3 External linkshttps://source.android.com/security/bulletin/2018-01-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
