Main Vulnerability Database Vulnerabilities #VU34536

Improper Neutralization of Special Elements in Output Used by a Downstream Component in Google Android - CVE-2017-18652

Published: April 7, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34536

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-18652

CWE-ID: CWE-74

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. SVoice allows arbitrary code execution by changing dynamic libraries. The Samsung ID is SVE-2017-9299 (September 2017).

How to mitigate CVE-2017-18652

Install update from vendor's website.

Sources

https://security.samsungmobile.com/securityUpdate.smsb

Improper Neutralization of Special Elements in Output Used by a Downstream Component in Google Android - CVE-2017-18652

Detailed vulnerability description

How to mitigate CVE-2017-18652

Sources

Please verify you're human