| Vulnerability Name: | CVE-2016-6754 (CCN-119391) | ||||||||||||||||
| Assigned: | 2016-09-06 | ||||||||||||||||
| Published: | 2016-09-06 | ||||||||||||||||
| Updated: | 2016-12-24 | ||||||||||||||||
| Summary: | A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937. | ||||||||||||||||
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
| ||||||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||||||
| Vulnerability Type: | CWE-74 | ||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||
| References: | Source: CCN Type: Google Web site Android Source: MITRE Type: CNA CVE-2016-6754 Source: BID Type: UNKNOWN 94204 Source: CCN Type: BID-94204 Google Android CVE-2016-6754 Remote Code Execution Vulnerability Source: XF Type: UNKNOWN android-cve20166754-code-exec(119391) Source: CCN Type: Android Open Source Project Android Security BulletinNovember 2016 Source: CONFIRM Type: Vendor Advisory https://source.android.com/security/bulletin/2016-11-01.html Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [11-28-2016] Source: EXPLOIT-DB Type: UNKNOWN 40846 Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-6754 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||