Open Handset Alliance Android Multiple Security Vulnerabilities
BID:51909
Info
Open Handset Alliance Android Multiple Security Vulnerabilities
| Bugtraq ID: | 51909 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2012 12:00AM |
| Updated: | Mar 19 2015 08:11AM |
| Credit: | 80vul |
| Vulnerable: |
Open Handset Alliance Android 2.3.5 Open Handset Alliance Android 2.3.2 Open Handset Alliance Android 2.3.1 Open Handset Alliance Android 2.0.1 Open Handset Alliance Android 3.5 Open Handset Alliance Android 3.2 Open Handset Alliance Android 3.1 Open Handset Alliance Android 3.0 Open Handset Alliance Android 2.4 Open Handset Alliance Android 2.3.6 Open Handset Alliance Android 2.3.4 Open Handset Alliance Android 2.3 Open Handset Alliance Android 2.2 Open Handset Alliance Android 2.1.1 Open Handset Alliance Android 2.1 Open Handset Alliance Android 2.0 Open Handset Alliance Android 1.5 CRCxx Open Handset Alliance Android 1.5 CRBxx Open Handset Alliance Android 1.5 CRB-43 Open Handset Alliance Android 1.5 CRB-42 Open Handset Alliance Android 1.5 COCxx Open Handset Alliance Android 1.5 CBDxx Open Handset Alliance Android 1.5 Open Handset Alliance Android 1.0 Open Handset Alliance Android 0 |
| Not Vulnerable: | |
Discussion
Open Handset Alliance Android Multiple Security Vulnerabilities
Open Handset Alliance Android is prone to the following vulnerabilities:
1. A security weakness.
2. A cross-site scripting vulnerability.
3. Multiple cross-domain scripting vulnerabilities.
Successfully exploiting these issues may allow an attacker to bypass the same-origin protection and obtain potentially sensitive information, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform certain administrative actions in the vulnerable application.
Open Handset Alliance Android is prone to the following vulnerabilities:
1. A security weakness.
2. A cross-site scripting vulnerability.
3. Multiple cross-domain scripting vulnerabilities.
Successfully exploiting these issues may allow an attacker to bypass the same-origin protection and obtain potentially sensitive information, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform certain administrative actions in the vulnerable application.
Exploit / POC
Open Handset Alliance Android Multiple Security Vulnerabilities
Attackers can use a browser to exploit some of these issues. In some cases the attacker must trick an unsuspecting victim into following a malicious URI.
The following example exploit and inputs are available:
Attackers can use a browser to exploit some of these issues. In some cases the attacker must trick an unsuspecting victim into following a malicious URI.
The following example exploit and inputs are available:
Solution / Fix
Open Handset Alliance Android Multiple Security Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Open Handset Alliance Android Multiple Security Vulnerabilities
References:
References:
- Android Multiple Vulnerabilities (www.80vul.com)
- Android Homepage (Open Handset Alliance)