← back
CVE-2015-7889

CVE-2015-7889

EPSS 2.2%
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.htmlunverifiedcve_referencewww.exploit-db.com/exploits/38558/unverifiedexploitdbwww.exploit-db.com/exploits/38558unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.htmlhttps://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1https://www.exploit-db.com/exploits/38558/http://www.securityfocus.com/bid/77339