Information disclosure in Google Android - CVE-2016-3918
Published: October 5, 2016
Vulnerability identifier: #VU750
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-3918
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a local application to obtain potentially sensitive information on the target system.
The weakness exists due to improper validation of user-supplied input by the AOSP Mail service of the affected software. By tricking the victim to follow a malicious link or open a malicious file attackers can bypass operating system protections and access important data.
Successful exploitation of the vulnerability will result in information disclosure on the vulnerable system.
The weakness exists due to improper validation of user-supplied input by the AOSP Mail service of the affected software. By tricking the victim to follow a malicious link or open a malicious file attackers can bypass operating system protections and access important data.
Successful exploitation of the vulnerability will result in information disclosure on the vulnerable system.
How to mitigate CVE-2016-3918
Update to version 7.1.