← back
CVE-2013-6272

CVE-2013-6272

EPSS 1.5%
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/127359/Android-OS-Authorization-Missing.htmlhttps://curesec.com/blog/article/blog/35.htmlhttp://seclists.org/fulldisclosure/2014/Jul/13https://exchange.xforce.ibmcloud.com/vulnerabilities/94423http://www.securityfocus.com/bid/68415