A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code.
References
Link | Resource |
---|---|
https://www.securityfocus.com/bid/70222 | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2014/10/02/20 | Mailing List Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/96833 | Third Party Advisory VDB Entry |
https://daoyuan14.github.io/news/newattackvector.html | Exploit Third Party Advisory |
Configurations
Information
Published : 2020-02-07 08:15
Updated : 2020-02-12 06:38
NVD link : CVE-2014-7224
Mitre link : CVE-2014-7224
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
- android