CVE-2013-4710

Published: 03/03/2014 Updated: 10/03/2014
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 941
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Android 3.0 up to and including 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote malicious users to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.

Vulnerable Product

google android 4.0

google android 3.2.6

google android 3.2.4

google android 3.2.2

google android 4.0.4

google android 4.0.2

google android 3.2

google android 3.0

google android 4.1.2

google android 4.1

google android 4.0.3

google android 4.0.1

google android 3.2.1

google android 3.1

Exploits

## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' require 'msf/core/exploit/android' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::BrowserExploitServer include Msf::Exploit::Remo ...
## # This module requires Metasploit: http://metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::BrowserExploitServer include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ :os_flavor => "Android ...

Github Repositories

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface met…

CVE-2013-4710-WebView-RCE-Vulnerability: Vulnerability Description. A lot of the time we use WebView to display a web page. For example, in many applications, in order to achieve server control, many results pages are web pages rather than local implementations, which has many advantages, such as interface changes not needing the release of a new version, directly modify the line at Se

CompatWebView: CompatWebView exists to address the WebView JavaScriptInterface injection vulnerability. Vulnerability references: CVE-2012-6636, CVE-2013-4710. Official documentation for addJavaScriptInterface: This method can be used to allow JavaScript to control the host application. This is a powerful feature, but also presents a security risk for apps targeting JELLY_BEAN or earlier. Apps that target a versi

Recent Articles

Results of PoC Publishing
Securelist • Victor Chebyshev Roman Unuchek Victoria Vlasova • 11 May 2016

There are two crucial features of the Android OS protection system: These approaches greatly complicate malware writers’ lives: to infect a mobile device, they have to resort to ruses of social engineering. The victim is literally tricked into force-installing a Trojan. This is definitely not always possible, as users become more aware, and it is not that easy to trick them. Invisible installation of a malware app onto a mobile device without a user’s knowledge is definitely a daydream of ma...