Published: 04/10/2017 Updated: 03/10/2019

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 8.0
google android 7.1.0
google android 7.1.1
google android 7.1.2
google android 7.0
google android 6.0.1
google android 6.0

CVE-2017-0806 PoC (Android GateKeeperResponse writeToParcel/createFromParcel mismatch)

Android writeToParcel/createFromParcel mismatch bug PoC See michalbednarski/IntentsLab#2 (comment) for description of bug This repositiory contains PoC for CVE-2017-0806, which is mismatch in GateKeeperResponse class

Patch your Android, peeps, it has up to 14 nasty flaws to flog

The Register • Iain Thomson in San Francisco • 03 Oct 2017

There's a nasty bug in media file handling – deja vu, right?

Another month, another round of Android patches – although October's batch is pleasantly small compared to other recent releases. Of the 14 CVE flaws released, six cover Android's troubled media processing and playback engine. This means miscreants can fling malicious files at devices to potentially hijack them. The privilege escalation bugs can be used by dodgy apps to gain control of handsets and tablets. There's also a remote-code execution flaw in the Dnsmasq tool used by Android. Details ...

CVE-2017-0806

Vulnerability Summary

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect