Lucene search

Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.ANDROID:CVE-2017-0722

HistoryAug 01, 2017 - 12:00 a.m.

CVE-2017-0722

2017-08-0100:00:00

Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.

www.androidvulnerabilities.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827.

CPENameOperatorVersion
androidlt4.4.4
androidlt7.0
androidlt7.1.1
androidlt5.1.1
androidlt5.0.2
androidlt7.1.2
androidlt6.0.1
androidlt6.0

Name	Operator	Version
android	lt	4.4.4
android	lt	7.0
android	lt	7.1.1
android	lt	5.1.1
android	lt	5.0.2
android	lt	7.1.2
android	lt	6.0.1
android	lt	6.0

References

android.googlesource.com/platform/frameworks/av/+/26557d832fde349721500b47d51467c046794ae9

nvd.nist.gov/vuln/data-feeds

source.android.com/security/bulletin/2017-08-01.html

source.android.com/security/overview/acknowledgements

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Related for ANDROID:CVE-2017-0722