Main Vulnerability Database Exploits ID:3891 - Exploit for Permissions, Privileges, and Access Controls in Google Android - CVE-2016-2417

ID:3891 - Exploit for Permissions, Privileges, and Access Controls in Google Android - CVE-2016-2417

Published: August 9, 2020

Vulnerability identifier: #VU40355

Vulnerability risk: High

CVE-ID: CVE-2016-2417

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
Google Android

Link to public exploit:

https://www.exploit-db.com/exploits/39685/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.

Remediation

Install update from vendor's website.

ID:3891 - Exploit for Permissions, Privileges, and Access Controls in Google Android - CVE-2016-2417

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human