Privilege escalation in Google Android - CVE-2017-13183
Published: January 10, 2018 / Updated: January 24, 2018
Vulnerability identifier: #VU9932
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-13183
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to insufficient privileges controls. A local attacker can use a specially crafted application, trigger an error in The Media framework component, gain system privileges and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to insufficient privileges controls. A local attacker can use a specially crafted application, trigger an error in The Media framework component, gain system privileges and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-13183
Install update from vendor's website.