Vulnerability CVE-2014-8889
Published: 2017-09-25   Modified: 2017-09-26

Description:
Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.

See advisories in our WLB2 database:
Topic
Author
Date
High
Dropbox SDK for Android Remote Exploitation *youtube
Rose Hay
11.03.2015

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Dropbox -> Dropbox sdk 

 References:
http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html
http://seclists.org/fulldisclosure/2015/Mar/61
http://www.securityfocus.com/archive/1/534843/100/1500/threaded
http://www.securityfocus.com/bid/73035
https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/
Copyright 2024, cxsecurity.com

 

Back to Top