← volver
CVE-2013-4710

CVE-2013-4710

EPSS 42.6%
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
Productos afectados
n/a · n/a
PoCs públicas encontradas3
githubgithub.com/Snip3R69/CVE-2013-4710-WebView-RCE-Vulnerability1exploitdbwww.exploit-db.com/exploits/41675no verificadoexploitdbwww.exploit-db.com/exploits/31519no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://50.56.33.56/blog/?p=314http://emobile.jp/products/sh/a01sh/systemsoftware.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2013-000111http://jvn.jp/en/jp/JVN53768697/113349/index.htmlhttp://jvn.jp/en/jp/JVN53768697/397327/index.htmlhttp://jvn.jp/en/jp/JVN53768697/995293/index.htmlhttp://jvn.jp/en/jp/JVN53768697/995312/index.htmlhttp://jvn.jp/en/jp/JVN53768697/995417/index.htmlhttp://jvn.jp/en/jp/JVN53768697/index.htmlhttp://openwall.com/lists/oss-security/2014/02/18/11