Main Vulnerability Database Exploits ID:7869 - Exploit for Permissions, Privileges, and Access Controls in Google Android - CVE-2014-8609

ID:7869 - Exploit for Permissions, Privileges, and Access Controls in Google Android - CVE-2014-8609

Published: May 19, 2022

Vulnerability identifier: #VU41010

Vulnerability risk: High

CVE-ID: CVE-2014-8609

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
Google Android

Link to public exploit:

https://github.com/ratiros01/CVE-2014-8609-exploit

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.

Remediation

Install update from vendor's website.

ID:7869 - Exploit for Permissions, Privileges, and Access Controls in Google Android - CVE-2014-8609

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human