Published: 07/07/2017 Updated: 07/11/2023

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 4.4.4

Just an attempt to adapt for Note 4, I do not know what I am doing.

CVE-2014-4322_adaptation Just an attempt to adapt for Note 4, I do not know what I am doing There is currently a way to write to system using ADB (CVE-2014-7951 and CVE-2014-7953) zxz0O0 has confirmed writing to system works What we needed was to gain System UID to execute CVE-2014-4322 I am looking at how CVE-2014-4322 works to see if I could wrap it in an APK which may al

CWE-362 http://www.securityfocus.com/bid/74213 http://seclists.org/fulldisclosure/2015/Apr/52 http://www.securityfocus.com/archive/1/535296/100/1100/threaded https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E%21/https://nvd.nist.gov https://github.com/askk/CVE-2014-4322_adaptation

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-7953

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect