6.9

CVE-2009-2348

Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version1.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.277
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=4d8adefd35efdea849611b8b02d61f9517e47760
http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=7b7225c8fdbead25235c74811b30ff4ee690dc58
http://android.git.kernel.org/?p=platform/packages/apps/Camera.git%3Ba=commit%3Bh=e655d54160e5a56d4909f2459eeae9012e9f187f
http://www.ocert.org/advisories/ocert-2009-011.html
http://www.openwall.com/lists/oss-security/2009/07/16/4
http://www.securityfocus.com/archive/1/505012/100/0/threaded
http://www.securityfocus.com/bid/35717
https://exchange.xforce.ibmcloud.com/vulnerabilities/51798