Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2013-4710
Last Modified: 10 Mar 2014 01:25:47
Published: 02 Mar 2014 11:50:46
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2013-4710

Summary

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.

Vulnerable Systems

Operating System

  • Google Android 3.0

  • Google Android 3.1

  • Google Android 3.2

  • Google Android 3.2.1

  • Google Android 3.2.2

  • Google Android 3.2.4

  • Google Android 3.2.6

  • Google Android 4.0

  • Google Android 4.0.1

  • Google Android 4.0.2

  • Google Android 4.0.3

  • Google Android 4.0.4

  • Google Android 4.1

  • Google Android 4.1.2


References

MLIST - [oss-security] 20140218 Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean

JVNDB - JVNDB-2013-000111

JVN - JVN#53768697

CONFIRM - http://jvn.jp/en/jp/JVN53768697/995417/index.html

CONFIRM - http://jvn.jp/en/jp/JVN53768697/995312/index.html

CONFIRM - http://jvn.jp/en/jp/JVN53768697/995293/index.html

CONFIRM - http://jvn.jp/en/jp/JVN53768697/397327/index.html

CONFIRM - http://jvn.jp/en/jp/JVN53768697/113349/index.html

CONFIRM - http://emobile.jp/products/sh/a01sh/systemsoftware.html

MISC - http://50.56.33.56/blog/?p=314


Last Updated: 27 May 2016 11:04:32