CVE-2010-4804

EPSS 62.17%
Veröffentlicht 09.06.2011 10:36:27
Zuletzt bearbeitet 29.04.2026 01:13:23
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

NVD 9 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version <= 2.3.3

Google ≫ Android Version1.5

Google ≫ Android Version1.6

Google ≫ Android Version2.1

Google ≫ Android Version2.2

Google ≫ Android Version2.2 Updaterev1

Google ≫ Android Version2.2.1

Google ≫ Android Version2.2.2

Google ≫ Android Version2.3 Updaterev1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	62.17%	0.983

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=f440831d76817e837164ca18c7705e81d2391f87

http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3Ba=commit%3Bh=604a598e1e01bda781600a45e0a971898a582666

http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/

http://www.csc.ncsu.edu/faculty/jiang/nexuss.html

http://www.securityfocus.com/bid/48256

http://www.slashgear.com/android-data-theft-exploit-to-be-plugged-in-gingerbread-video-24116054/

https://nvd.nist.gov/vuln/detail/CVE-2010-4804

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-4804

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-4804

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2010-4804