CVE-2014-7952

Published: Jan 12, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.

Affected (1)

Products: Google: Android

Google

1 product

Android

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	All versions

Related CWEs

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (12)

http://packetstormsecurity.com/files/132645/ADB-Backup-APK-Injection.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2015/Jul/46

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://www.search-lab.hu/about-us/news/110-android-adb-backup-apk-injection-vulnerability

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.securityfocus.com/archive/1/535980/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/75705

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/irsl/ADB-Backup-APK-Injection/

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/132645/ADB-Backup-APK-Injection.html