
CVE-2015-3864

Published: 01/10/2015 Updated: 16/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android prior to 5.1.1 LMY48M allows remote malicious users to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.

Vulnerable Products

google android

Exploits

Exploit 1 (Python, truncated excerpt): #!/usr/bin/python2 import cherrypy import os import pwnlib.asm as asm import pwnlib.elf as elf import sys import struct with open('shellcode.bin', 'rb') as tmp: shellcode = tmp.read() while len(shellcode) % 4 != 0: shellcode += '\x00' # heap grooming configuration alloc_size = 0x20 groom_count = 0x4 spray_size = 0x100000 spray_count = 0x10 ...

Exploit 2 (Metasploit module, Ruby, truncated excerpt): ## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::RopDb def initialize(info={}) super(upd ...
Exploit 3 (Metaphor, truncated excerpt): Source: github.com/NorthBit/Metaphor. Metaphor - Stagefright with ASLR bypass. By Hanan Be'er from NorthBit Ltd. Link to whitepaper: raw.githubusercontent.com/NorthBit/Public/master/NorthBit-Metaphor.pdf. Twitter: twitter.com/High_Byte. Metaphor's source code is now released! The source includes a PoC that generates MP4 explo ...

Github Repositories

Python script to generate a malicious MP4 file and start a CherryPy web server hosting a simple HTML page with the embedded file. Exploits another Stagefright vulnerability, the integer overflow (CVE-2015-3864).

SCAREDYCAT! version 0.1 beta. Python script to generate a malicious MP4 file and start a web server hosting a page with the embedded 'video' file on port 8080. This exploits another Stagefright vulnerability, the integer overflow vulnerability (CVE-2015-3864), published by Exodus Intelligence. Author: vvn (eudemonics) <root [at] nobody [dot] ninja>. Built

stagefright-cve-2015-3864: PoC - Binary patches for CVE-2015-3864 (NOT for production, use at your own risk)

libstagefrightExploit: CVE-2015-3864 Exploit Re-implementation on Android 4.1.2. Blog: h3ysatan.blogspot.jp/2016/04/cve-2015-3864-libstagefright.html

Exploiting-Stagefright-Vulnerability-CVE-2015-3864: Stagefright refers to a set of software flaws in Android versions 2.2 "Froyo" through 5.1.1 "Lollipop," which affected 95% of all Android phones still. If the vulnerability is exploited, an attacker can use remote code execution and privilege escalation to do arbitrary actions on the victim's device. So

Recent Articles

Stagefright flaw still a nightmare: '850 million' Androids face hijack risk
The Register • John Leyden • 23 Mar 2016

One step forward, two steps back

Mobile security biz Zimperium reckons 600 to 850 million Android devices are still vulnerable to a Stagefright flaw that lets webpages and videos inject malware into phones and tablets. Stagefright is a software library buried deep within Android that processes multimedia files. It is used by a key Android component called mediaserver, which runs with higher access to the device than normal apps. When Stagefright is fed specially crafted video files, such as from a text message or website, these...

'Millions' of Android mobes vulnerable to new Stagefright exploit
The Register • Richard Chirgwin • 17 Mar 2016

Paper lays out how to bypass Google's ASLR

A group of Israeli researchers reckon they've cracked the challenge of crafting a reliable exploit for the Stagefright vulnerability that emerged in Android last year. In a paper [PDF] that's a cookbook on how to build the exploit for yourself, they suggest millions of unpatched Android devices are vulnerable to their design, which bypasses Android's security defenses. Visiting a hacker's webpage is enough to trigger a system compromise, we're told. Since no hot piece of infosec action exists wi...

Google flubs patch for Stagefright security bug in 950 million Androids
The Register • Iain Thomson in San Francisco • 13 Aug 2015

Update flawed, new one needed for countless gadgets

Google's security update to fix the Stagefright vulnerability in millions of Android smartphones is buggy – and a new patch is needed. The Stagefright flaw is named after a component within the Android operating system that, among other things, processes incoming text messages that contain video clips. By sending a vulnerable Android device a specially crafted multimedia message, it is possible to inject and execute malicious code on that gadget. It affects Android 2.2 to 5.1, so about 950 mil...