The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android prior to 5.0.0 does not properly create a PendingIntent, which allows malicious users to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 4.4 |
||
google android 4.4.1 |
||
google android 4.4.2 |
||
google android 4.4.3 |
||
google android 4.0 |
||
google android 4.0.2 |
||
google android 4.2.2 |
||
google android 4.3.1 |
||
google android |
||
google android 4.0.4 |
||
google android 4.1 |
||
google android 4.1.2 |
||
google android 4.2 |
||
google android 4.0.1 |
||
google android 4.0.3 |
||
google android 4.2.1 |
||
google android 4.3 |