Google Android Media framework Multiple Remote Code Execution Vulnerabilities

Bugtraq ID:	104761
Class:	Unknown
CVE:	CVE-2018-9411 CVE-2018-9424 CVE-2018-9428 CVE-2018-9412 CVE-2018-9421
Remote:	Yes
Local:	No
Published:	Jul 02 2018 12:00AM
Updated:	Jul 02 2018 12:00AM
Credit:	Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team, Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd, Cusas of L.O. Team, and Tencent Blade Team.
Vulnerable:	Google Pixel XL 0 Google Pixel C 0 Google Pixel 2 XL 0 Google Pixel 2 0 Google Pixel 0 Google Nexus 9 Google Nexus 7 Google Nexus 6P Google Nexus 6 Google Nexus 5X Google Nexus 5 Google Nexus 4 Google Nexus 10 Google Android 7.1.1 Google Android 6.0.1 Google Android 8.1 Google Android 8.0 Google Android 7.1.2 Google Android 7.0 Google Android 6.0
Not Vulnerable:

Google Android Media framework Multiple Remote Code Execution Vulnerabilities

Google Android is prone to multiple remote code-execution vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of a privileged process. Failed attacks may cause a denial-of-service condition.

These issues are being tracked by Android Bug IDs A-79376389, A-76221123, A-74122779, A-78029004, and A-77237570.

Google Android Media framework Multiple Remote Code Execution Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].