| Vulnerability Name: | CVE-2015-6602 (CCN-106877) | ||||||||
| Assigned: | 2015-10-01 | ||||||||
| Published: | 2015-10-01 | ||||||||
| Updated: | 2016-12-08 | ||||||||
| Summary: | libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. | ||||||||
| CVSS v3 Severity: | 7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-6602 Source: CCN Type: Android Open Source Project Nexus Security Bulletin - October 2015 Source: SECTRACK Type: UNKNOWN 1033725 Source: CCN Type: Zimperium Mobile Security Blog, Thursday, Oct 1 2015 at 04:00 Zimperium zLabs is Raising the Volume: New Vulnerability Processing MP3/MP4 Media - See more at: https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/#sthash.Jx5WvU8Z.dpuf Source: MISC Type: UNKNOWN https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/ Source: XF Type: UNKNOWN google-android-cve20156602-code-exec(106877) Source: CONFIRM Type: UNKNOWN https://support.silentcircle.com/customer/en/portal/articles/2145864-privatos-1-1-12-release-notes Source: MISC Type: UNKNOWN https://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863/ | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||