← voltar
CVE-2015-1538

CVE-2015-1538

EPSS 99.1%
Vexday Risk Score
45Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS EPSS 99.1%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
09 set 2015PoC pública
01 out 2015Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.
Produtos afetados
n/a · n/a
PoCs públicas encontradas10
githubgithub.com/jduck/cve-2015-1538-1204githubgithub.com/Tharana/vulnerability-exploitation3githubgithub.com/oguzhantopgul/cve-2015-1538-13githubgithub.com/renjithsasidharan/cve-2015-1538-11githubgithub.com/Tharana/Android-vulnerability-exploitation1githubgithub.com/niranjanshr13/Stagefright-cve-2015-1538-10githubgithub.com/xsleaksiki/cve0exploitdbwww.exploit-db.com/exploits/38124não verificadocve_referencewww.exploit-db.com/exploits/38124/não verificadocve_referencepacketstormsecurity.com/files/134131/Libstagefright-Integer-Overflow-Check-Bypass.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/134131/Libstagefright-Integer-Overflow-Check-Bypass.htmlhttps://android.googlesource.com/platform/frameworks/av/+/2434839bbd168469f80dd9a22f1328bc81046398https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJhttps://www.exploit-db.com/exploits/38124/http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htmhttp://www.huawei.com/en/psirt/security-advisories/hw-448928http://www.securityfocus.com/bid/76052http://www.securitytracker.com/id/1033094