CVE-2017-0638

Опубликовано: 14 июн. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305.

Ссылки

http://www.securityfocus.com/bid/98872
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038623
https://source.android.com/security/bulletin/2017-06-01
Vendor Advisory
http://www.securityfocus.com/bid/98872
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038623
https://source.android.com/security/bulletin/2017-06-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00447

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-2v9h-j3m9-v858