CVE-2014-1670

Опубликовано: 25 янв. 2014

Источник: nvd

CVSS2: 6.8

EPSS Средний

Описание

The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response.

Ссылки

http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/
Exploit
http://osvdb.org/102575
http://www.securityfocus.com/bid/65128
http://www.youtube.com/watch?v=_j1RKtTxZ3k
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/90977
https://play.google.com/store/apps/details?id=com.microsoft.bing
http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/
Exploit
http://osvdb.org/102575
http://www.securityfocus.com/bid/65128
http://www.youtube.com/watch?v=_j1RKtTxZ3k
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/90977
https://play.google.com/store/apps/details?id=com.microsoft.bing

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:bing:*:-:-:*:-:android:*:*

Версия до 4.2.0 (включая)

EPSS

Процентиль: 96%

0.29233

Средний

6.8 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-6w6g-qxcw-ffc5

github

больше 3 лет назад