var-201507-0368
Vulnerability from variot
The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Authentication is not required to exploit this vulnerability.The specific flaw exists within the com.absolute.android.persistence.MethodSpec Class. The createFromParcel() method performs dynamic class loading but does not restrict the source of the classes to be loaded. The Samsung Galaxy S5 is a smartphone released by South Korea's Samsung. Failed exploit attempts will cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0368",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "galaxy s5",
"scope": null,
"trust": 2.1,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s5",
"scope": "eq",
"trust": 1.6,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s5",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-256"
},
{
"db": "CNVD",
"id": "CNVD-2015-04197"
},
{
"db": "BID",
"id": "75403"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003489"
},
{
"db": "NVD",
"id": "CVE-2015-4034"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-638"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:galaxy_s5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4034"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Team MBSD",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-256"
},
{
"db": "BID",
"id": "75403"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-638"
}
],
"trust": 1.6
},
"cve": "CVE-2015-4034",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-4034",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"id": "CNVD-2015-04197",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4034",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2015-4034",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-04197",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-638",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-256"
},
{
"db": "CNVD",
"id": "CNVD-2015-04197"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003489"
},
{
"db": "NVD",
"id": "CVE-2015-4034"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-638"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Authentication is not required to exploit this vulnerability.The specific flaw exists within the com.absolute.android.persistence.MethodSpec Class. The createFromParcel() method performs dynamic class loading but does not restrict the source of the classes to be loaded. The Samsung Galaxy S5 is a smartphone released by South Korea\u0027s Samsung. Failed exploit attempts will cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4034"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003489"
},
{
"db": "ZDI",
"id": "ZDI-15-256"
},
{
"db": "CNVD",
"id": "CNVD-2015-04197"
},
{
"db": "BID",
"id": "75403"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4034",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-15-256",
"trust": 4.0
},
{
"db": "BID",
"id": "75403",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003489",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2613",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04197",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201506-638",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-256"
},
{
"db": "CNVD",
"id": "CNVD-2015-04197"
},
{
"db": "BID",
"id": "75403"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003489"
},
{
"db": "NVD",
"id": "CVE-2015-4034"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-638"
}
]
},
"id": "VAR-201507-0368",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04197"
}
],
"trust": 1.1273833999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04197"
}
]
},
"last_update_date": "2023-12-18T13:57:36.042000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Samsung Galaxy S5",
"trust": 0.8,
"url": "http://www.samsung.com/jp/microsite/galaxys5/specs.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003489"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003489"
},
{
"db": "NVD",
"id": "CVE-2015-4034"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-256/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/75403"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4034"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4034"
},
{
"trust": 0.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-256"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/global/microsite/galaxys5/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04197"
},
{
"db": "BID",
"id": "75403"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003489"
},
{
"db": "NVD",
"id": "CVE-2015-4034"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-638"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-256"
},
{
"db": "CNVD",
"id": "CNVD-2015-04197"
},
{
"db": "BID",
"id": "75403"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003489"
},
{
"db": "NVD",
"id": "CVE-2015-4034"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-638"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-256"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04197"
},
{
"date": "2015-06-24T00:00:00",
"db": "BID",
"id": "75403"
},
{
"date": "2015-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003489"
},
{
"date": "2015-07-06T14:59:02.407000",
"db": "NVD",
"id": "CVE-2015-4034"
},
{
"date": "2015-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-638"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-256"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04197"
},
{
"date": "2015-06-24T00:00:00",
"db": "BID",
"id": "75403"
},
{
"date": "2015-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003489"
},
{
"date": "2016-12-06T03:01:56.433000",
"db": "NVD",
"id": "CVE-2015-4034"
},
{
"date": "2015-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-638"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-638"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung Galaxy S5 Remote Code Execution Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04197"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-638"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "75403"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.