CVE-2017-0408 - A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted f

CVE-2017-0408

Summary

A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670.

References

http://www.securityfocus.com/bid/96092
http://www.securitytracker.com/id/1037798
https://source.android.com/security/bulletin/2017-02-01.html

Vulnerable Configurations

cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	96092
confirm	https://source.android.com/security/bulletin/2017-02-01.html
sectrack	1037798

Last major update

03-10-2019 - 00:03

Published

08-02-2017 - 15:59

Last modified

03-10-2019 - 00:03