CVE-2017-0538

EPSS 1.6%

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 1.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

07 abr 2017Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.

Produtos afetados

Google Inc. · Android

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8 https://source.android.com/security/bulletin/2017-04-01 http://www.securityfocus.com/bid/97330 http://www.securitytracker.com/id/1038201