Main Vulnerability Database Vulnerabilities #VU748

Privilege Escalation in Google Android - CVE-2016-3916,CVE-2016-3915

Published: October 5, 2016

Vulnerability identifier: #VU748

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-3916,CVE-2016-3915

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local application to obtain elevated privileges on the target system.

The vulnerability exists due to improper validation of user-supplied input by the Camera service of the affected software. By tricking the victim to follow a malicious link or open a malicious file attackers can gain elevated privileges and cause the application to execute arbitrary code.

Successful exploitation of this vulnerability will result in privilege escalation on the vulnerable system.

How to mitigate CVE-2016-3916,CVE-2016-3915

Update to version 7.1.

Sources

http://source.android.com/security/bulletin/2016-10-01.html

Privilege Escalation in Google Android - CVE-2016-3916,CVE-2016-3915

Detailed vulnerability description

How to mitigate CVE-2016-3916,CVE-2016-3915

Sources

Please verify you're human