CVE-2015-4641

Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:swiftkey:swiftkey_sdk:*:*:*:*:*:*:*:*
OR cpe:2.3:h:samsung:galaxy_s4:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s4_mini:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s5:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s6:*:*:*:*:*:*:*:*

Information

Published : 2015-06-19 07:59

Updated : 2016-12-07 10:13


NVD link : CVE-2015-4641

Mitre link : CVE-2015-4641


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

swiftkey

  • swiftkey_sdk

samsung

  • galaxy_s5
  • galaxy_s6
  • galaxy_s4
  • galaxy_s4_mini