Published: 01/10/2015 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android prior to 5.1.1 LMY48M allows malicious users to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android

Scudo Exploitation This repository contains the artifacts of the LINK TODO Exploiting Android's Hardened Memory Allocator paper gdb-plugin The gdb-plugin folder contains the gdb plugin which helps analyzing the scudo heap state The plugin is designed to be used for gef To use the plugin please install gef from: githubcom/hugsy/gef There is also a port for pwndb

CWE-189 https://android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14 https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254 https://groups.google.com/forum/message/raw?msg=android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf https://nvd.nist.gov https://github.com/HexHive/scudo-exploitation

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-1528

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect