Vulnerability CVE-2014-1939
Published: 2014-03-02   Modified: 2014-03-03

Description:
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Lenovo -> Shareit 
Google -> Android 

 References:
https://support.lenovo.com/us/en/product_security/len_6421
http://openwall.com/lists/oss-security/2014/02/11/2
http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html
Copyright 2024, cxsecurity.com

 

Back to Top