ID CVE-2015-1538
Summary Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.
References
Vulnerable Configurations
  • Google Android 5.1
    cpe:2.3:o:google:android:5.1
CVSS
Base: 10.0 (as of 01-10-2015 - 09:54)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Android Stagefright - Remote Code Execution. CVE-2015-1538. Remote exploit for android platform
file exploits/android/remote/38124.py
id EDB-ID:38124
last seen 2016-02-04
modified 2015-09-09
platform android
port
published 2015-09-09
reporter Joshua J. Drake
source https://www.exploit-db.com/download/38124/
title Android Stagefright - Remote Code Execution
type remote
packetstorm via4
data source https://packetstormsecurity.com/files/download/133521/androidstagefright-exec.txt
id PACKETSTORM:133521
last seen 2016-12-05
published 2015-09-10
reporter jduck
source https://packetstormsecurity.com/files/133521/Android-Stagefright-Remote-Code-Execution.html
title Android Stagefright Remote Code Execution
refmap via4
bid 76052
confirm
exploit-db 38124
misc http://packetstormsecurity.com/files/134131/Libstagefright-Integer-Overflow-Check-Bypass.html
mlist [android-security-updates] 20150812 Nexus Security Bulletin (August 2015)
sectrack 1033094
the hacker news via4
Last major update 07-12-2016 - 22:07
Published 30-09-2015 - 20:59
Last modified 20-09-2017 - 21:29
Back to Top