03 Jui 2019
Vulnérabilité CVE-2019-6740 CVE Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472. (CVSS:6.8) (Last Update:2019-06-05)
Vulnerability Details : This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472. Publish Date : 2019-06-03 Last Update Date : 2019-06-05 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2019-6740
- References For CVE-2019-6740
| ||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2019-6740There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |