- 漏洞信息

95113
Google Android ZIP File Extraction classes.dex File Signature Verification Bypass
Local Access Required, Mobile Phone / Hand-held Device Cryptographic
Loss of Integrity Patch / RCS
Exploit Public Vendor Verified

- 漏洞描述

The Android OS contains a flaw that is due to unsigned values in extracted ZIP files. With a specially crafted classes.dex file, a local attacker can bypass signature verification and replace classes.dex with a malicious version.

- 时间线

2013-07-10 Unknow
Unknow 2013-07-03

- 解决方案

The vendor has released a patch to address this vulnerability. There are no known workarounds or upgrades to correct this issue. Check the vendor advisory, changelog, or solution in the references section for details.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站