CVE-2015-7889

Published: Dec 28, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.

Affected (1)

Products: Google: Android

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Android	Up to 5.1.1

Running on/with	Platform Versions
Samsung Galaxy S6 Edge	All versions

Related CWEs

References (8)

http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/77339

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://www.exploit-db.com/exploits/38558/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/77339

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://www.exploit-db.com/exploits/38558/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.