CVE-2012-6636

Published: 03/03/2014 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 686
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Android API levels prior to 17 do not properly restrict the WebView.addJavascriptInterface method. This allows remote malicious users to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component of an application targeting API level 16 or earlier. This is a related issue to CVE-2013-4710.

Vulnerable Product

google android api 6.0

google android api 15.0

google android api 3.0

google android api 8.0

google android api 11.0

google android api 9.0

google android api 2.0

google android api 12.0

google android api 7.0

google android api 1.0

google android api 13.0

google android api 14.0

google android api 4.0

google android api

google android api 5.0

google android api 10.0

Exploits

## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' require 'msf/core/exploit/android' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::BrowserExploitServer include Msf::Exploit::Remo ...
Boat Browser versions 8.0 and 8.0.1 suffer from a remote code execution vulnerability ...

Github Repositories

Quick Repo for any Bug Hunter

Bug Bounty Hunting: I prefer the resources below to succeed in Bug Bounty Hunting. I'll update this monthly with new techniques. Platforms: OpenBugBounty (XSS/CSRF/IDOR; will accept reports from any site), BugCrowd, HackerOne, Cobalt.io, SynAck (only invited researchers), other self-hosted programs by different domains (Facebook Whitehat / Google VRP / AT&T BB) Su

Vulnerability Exploitation

Pentest-Mobile Vulnerability Exploitation: Some of the most widely used tools for security testing on Android devices include: AndroBugs Framework: a static analysis tool that identifies vulnerabilities in the source code of Android applications. Apktool: a reverse engineering tool that allows analyzing and modif

CompatWebView: CompatWebView exists to address the WebView JavaScriptInterface injection vulnerability. Vulnerability details: CVE-2012-6636, CVE-2013-4710. Official documentation: addJavaScriptInterface. This method can be used to allow JavaScript to control the host application. This is a powerful feature, but also presents a security risk for apps targeting JELLY_BEAN or earlier. Apps that target a versi

An app demo for test android webview security issue: CVE-2012-6636

AndroidWebviewInjectDemo An app demo for test android webview security issue: CVE-2012-6636

Recent Articles

Results of PoC Publishing
Securelist • Victor Chebyshev, Roman Unuchek, Victoria Vlasova • 11 May 2016

There are two crucial features of the Android OS protection system: These approaches greatly complicate malware writers’ lives: to infect a mobile device, they have to resort to ruses of social engineering. The victim is literally tricked into force-installing a Trojan. This is definitely not always possible, as users become more aware, and it is not that easy to trick them. Invisible installation of a malware app onto a mobile device without a user’s knowledge is definitely a daydream of ma...