Main Vulnerability Database Exploits ID:4324 - Exploit for Input validation error in Google Android - CVE-2011-2357

ID:4324 - Exploit for Input validation error in Google Android - CVE-2011-2357

Published: August 11, 2020

Vulnerability identifier: #VU44801

Vulnerability risk: Medium

CVE-ID: CVE-2011-2357

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
Google Android

Link to public exploit:

https://www.exploit-db.com/exploits/36006/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.

Remediation

Install update from vendor's website.

ID:4324 - Exploit for Input validation error in Google Android - CVE-2011-2357

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human