Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
lenovoLenovoLENOVO:PS500036-SHAREIT-FOR-ANDROID-VULNERABILITIES-NOSID
HistoryMay 08, 2017 - 12:00 a.m.

SHAREit for Android Vulnerabilities - Lenovo Support US

2017-05-0800:00:00
support.lenovo.com
9

0.041 Low

EPSS

Percentile

92.2%

JSON

**Lenovo Security Advisory:**LEN-6421
**Potential Impact:**Users with older Android versions may be vulnerable to remote code execution, or a UXSS attack and users with any Android version may be vulnerable to an intent scheme attack.
Severity: High

Lenovo SHAREit Application: End of Lenovo Support

Summary Description:
Vulnerabilities were identified on Android SHAREit versions lower than 3.5.98_ww. Lenovo recommends customers update to the latest version of SHAREit to mitigate these vulnerabilities.

SHAREit for Android is an application that may be preloaded on some Lenovo mobile devices or downloaded onto non-Lenovo Android devices that lets users share specified files and folders between smartphones, tablets and personal computers.

Fixes include
1. SHAREit for Android: When a user’s Android device’s OS version is earlier than 4.2, SHAREit Android versions lower than 3.5.98 are vulnerable to the following Android Remote Code Execution Vulnerabilities: CVE-2012-6636, CVE-2014-1939 or CVE-2014-7224.

2. SHAREit for Android: SHAREit Android versions lower than 3.5.98 are vulnerable to an intent scheme URL attack. This issue has been identified as CVE-2016-4782.

3. SHAREit for Android: When a user’s Android device’s OS version is earlier than 4.4, SHAREit Android versions lower than 3.5.98 are vulnerable to a UXSS attack. This issue has been identified as CVE-2016-4783.

Mitigation Strategy for Customers (what you should do to protect yourself):
Update to SHAREit for Android version 3.5.98_ww and above by going to the Google Play store and downloading the latest version available: https://play.google.com/store/apps/details?id=com.lenovo.anyshare.gps&hl=en

Acknowledgements:
Thanks to Nicky of Tencent Security Platform Department (CVE-2016-4782, CVE-2016-4783)

Other information and references:
CVE ID: CVE-2016-4782, CVE-2016-4783

Revision History:

Revision

|

Date

|

Description

—|—|—
1.1 |** 5/20/201**|** Edited potential impact to all users instead of only users with older Android versions**

**** ** 1.0**|** 5/19/2016**|** Initial release**

Related

lenovo 1
exploitpack 1
jvn 1
seebug 1
cvelist 8
nvd 8
prion 8
cve 8
exploitdb 1
zdt 1
ubuntucve 1
packetstorm 1
android 1
nessus 1
lenovo
lenovo
SHAREit for Android Vulnerabilities
2017-05-08 00:00:00
exploitpack
exploitpack
Boat Browser 8.08.0.1 - Remote Code Execution
2014-07-16 00:00:00
jvn
jvn
JVN#62161191: JavaFX WebEngine does not properly restrict Java method execution
2020-07-28 00:00:00
seebug
seebug
Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability
2014-07-17 00:00:00
cvelist
cvelist
CVE-2014-7224
2020-02-07 15:30:31
CVE-2016-4783
2016-05-23 19:00:00
CVE-2016-4782
2016-05-23 19:00:00
nvd
nvd
CVE-2014-7224
2020-02-07 16:15:09
CVE-2016-4783
2016-05-23 19:59:13
CVE-2016-4782
2016-05-23 19:59:12
prion
prion
Remote code execution
2020-02-07 16:15:00
Cross site scripting
2016-05-23 19:59:00
Code injection
2016-05-23 19:59:00
cve
cve
CVE-2014-7224
2020-02-07 16:15:09
CVE-2016-4783
2016-05-23 19:59:13
CVE-2016-4782
2016-05-23 19:59:12
exploitdb
exploitdb
Boat Browser 8.0/8.0.1 - Remote Code Execution
2014-07-16 00:00:00
zdt
zdt
Android 4.2 Browser and WebView - addJavascriptInterface Code Execution Exploit
2017-03-23 00:00:00
ubuntucve
ubuntucve
CVE-2012-6636
2014-03-03 00:00:00
packetstorm
packetstorm
Boat Browser 8.0 / 8.0.1 Remote Code Execution
2014-07-16 00:00:00
android
android
JavaScript to Java
2012-12-21 00:00:00
nessus
nessus
Google Android Operating System < 4.4.0 Multiple Vulnerabilities
2015-04-10 00:00:00

0.041 Low

EPSS

Percentile

92.2%

JSON
Related for LENOVO:PS500036-SHAREIT-FOR-ANDROID-VULNERABILITIES-NOSID
lenovo1exploitpack1jvn1seebug1cvelist8nvd8prion8cve8exploitdb1zdt1ubuntucve1packetstorm1android1nessus1