3 matches found
CVE-2014-7954
The CVE-2014-7954 entry concerns Android 4.4.4 where the MTP path traversal vulnerability lies in MtpServer.cpp (doSendObjectInfo). The issue allows physically proximate attackers connected to the device to upload files outside the sdcard by crafting an MTP request with a .. in the name parameter...
CVE-2014-7954
Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. dot dot in a name parameter of an M...
CVE-2014-7954 MTP path traversal vulnerability in Android
MTP path traversal vulnerability in Android 4.4 ----------------------------------------------- doSendObjectInfo method of the MtpServer class implemented in frameworks/av/media/mtp/MtpServer.cpp does not validate the name parameter of the incoming MTP packet at all. It is possible to upload file...