CVE-2014-1670

Published: Jan 25, 2014Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response.

Affected (1)

Products: Microsoft: Bing

Microsoft

1 product

Bing

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Bing	Up to 4.2.0

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/

Source: cve@mitre.org

Exploit

http://osvdb.org/102575

Source: cve@mitre.org

http://www.securityfocus.com/bid/65128

Source: cve@mitre.org

http://www.youtube.com/watch?v=_j1RKtTxZ3k

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/90977

Source: cve@mitre.org

https://play.google.com/store/apps/details?id=com.microsoft.bing

Source: cve@mitre.org

http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/