Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2015-1538

Published: 01/10/2015 Updated: 21/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Google

Vulnerability Summary

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android prior to 5.1.1 LMY48I allows remote malicious users to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google android

Exploits

Exploit DB: Google Android - 'Stagefright' Remote Code Execution
#!/usr/bin/env python # Joshua J Drake (@jduck) of ZIMPERIUM zLabs # Shout outs to our friends at Optiv (formerly Accuvant Labs) # (C) Joshua J Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 # wwwzimperiumcom # # Exploit for RCE Vulnerability CVE-2015-1538 #1 # Integer Overflow in the libstagefright MP4 ‘stsc’ atom handling # # Don’ ...
Exploit DB: Android Stagefright Remote Code Execution
Android Stagefright remote code execution exploit that leverages an integer overflow in the libstagefright MP4 'stsc' atom handling ...

Github Repositories

https://github.com/froweedRU/2015_1538

Vuln 2015_1538

2015_1538 #!/usr/bin/env python Joshua J Drake (@jduck) of ZIMPERIUM zLabs Shout outs to our friends at Optiv (formerly Accuvant Labs) (C) Joshua J Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 wwwzimperiumcom Exploit for RCE Vulnerability CVE-2015-1538 #1 Integer Overflow in the libstagefright MP4 'stsc' atom handling Don't forget, the output of &qu

https://github.com/Tharana/Android-vulnerability-exploitation

Google Android - 'Stagefright' Remote Code Execution - CVE-2015-1538

Android-vulnerability-exploitation Google Android - 'Stagefright' Remote Code Execution - CVE-2015-1538 Absolutely, I always choose Linux vulnerability, but then I had to choose different vulnerability else because I didn't know two people could do the same thing And then Having learned of this, I chose a different vulnerability, But because I had already solved

https://github.com/Tharana/vulnerability-exploitation

Local Root vulnerability- CVE-2019-13272 / Security Bypass Vulnerability – CVE-2019-14287/Google Android - 'Stagefright' Remote Code Execution - CVE-2015-1538

vulnerability-exploitation Local Root vulnerability- CVE-2019-13272 / Security Bypass Vulnerability – CVE-2019-14287/Google Android - 'Stagefright' Remote Code Execution - CVE-2015-1538 Absolutely, I always choose Linux vulnerability, but then I had to choose different vulnerability else because I didn't know two people could do the same thing And then Havi

https://github.com/niranjanshr13/Stagefright-cve-2015-1538-1

Cve-2015-1538-1

Stagefright-cve-2015-1538-1 Discovered by Joshua J Drake (@jduck) of ZIMPERIUM zLabs and fixed his project by Niranjan Shrestha (@niranjanshr13) Exploit for RCE Vulnerability CVE-2015-1538 #1 Integer Overflow in the libstagefright MP4 'stsc' atom handling Don't forget, the output of "create_mp4" can be delivered many ways! MMS is the most dangerous at

Recent Articles

It's BACK – Stagefright 2.0: Zillions of Android gadgets can be hijacked by MP3s, movie files
The Register • Darren Pauli • 01 Oct 2015

Pop tunes pop phones

Updated More than a billion Android phones, tablets and other gadgets can be hijacked by merely previewing MP3 music or MP4 video files. Booby-trapped songs and vids downloaded from the web or emails can potentially compromise vulnerable devices, and install spyware, password-stealing malware, and so on. This is all thanks to two remote-code execution flaws billed as the second iteration of the original Stagefright vulnerability. Zimperium researcher Joshua J Drake found the pair of Android secu...

Read more...
Zimperium unleashes Android Stagefright exploit code on world
The Register • John Leyden • 09 Sep 2015

BOO! Now giddyup and get testing

Security researchers at Zimperium have released a working version of Stagefright exploit code. Zimperium said it was publishing the software so that administrators and penetration testers can validate the effectiveness of the Android community's response to patching the security hole. Google is only just getting around to publishing a comprehensive fix for Stagefright, following a flawed attempt to fix the mega-vuln last month. The Stagefright vulnerability (CVE-2015-1538) can allow remote code ...

Read more...

References

CWE-189https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJhttps://android.googlesource.com/platform/frameworks/av/+/2434839bbd168469f80dd9a22f1328bc81046398http://www.securityfocus.com/bid/76052http://packetstormsecurity.com/files/134131/Libstagefright-Integer-Overflow-Check-Bypass.htmlhttp://www.huawei.com/en/psirt/security-advisories/hw-448928http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htmhttps://www.exploit-db.com/exploits/38124/http://www.securitytracker.com/id/1033094https://nvd.nist.govhttps://www.exploit-db.com/exploits/38124/https://github.com/froweedRU/2015_1538
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook