CVE-2013-4710
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 43%
from disclosure to weapon0 days
Published on NVDMar 3
1st PoCDec 21
metasploitDec 21
exploitation probability
43%top 1% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/Snip3R69/CVE-2013-4710-WebView-RCE-Vulnerability★ 1exploitdbwww.exploit-db.com/exploits/41675unverifiedexploitdbwww.exploit-db.com/exploits/31519unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://50.56.33.56/blog/?p=314http://emobile.jp/products/sh/a01sh/systemsoftware.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2013-000111http://jvn.jp/en/jp/JVN53768697/113349/index.htmlhttp://jvn.jp/en/jp/JVN53768697/397327/index.htmlhttp://jvn.jp/en/jp/JVN53768697/995293/index.htmlhttp://jvn.jp/en/jp/JVN53768697/995312/index.htmlhttp://jvn.jp/en/jp/JVN53768697/995417/index.htmlhttp://jvn.jp/en/jp/JVN53768697/index.htmlhttp://openwall.com/lists/oss-security/2014/02/18/11