Input validation error in Google, Google Android



Published: 2011-08-12 | Updated: 2020-08-11
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2011-2357
CWE-ID CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe 		Google Android
Operating systems & Components / Operating system

Vendor Google

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Input validation error

EUVDB-ID: #VU44801

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2011-2357

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 2.3.4 - 3.1

CPE2.3 External links

http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17
http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b
http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e
http://blog.watchfire.com/files/advisory-android-browser.pdf
http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html
http://osvdb.org/74260
http://seclists.org/fulldisclosure/2011/Aug/9
http://secunia.com/advisories/45457
http://securityreason.com/securityalert/8335
http://securitytracker.com/id?1025881
http://www.infsec.cs.uni-saarland.de/projects/android-vuln/
http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf
http://www.securityfocus.com/archive/1/519146/100/0/threaded
http://www.securityfocus.com/bid/48954
http://exchange.xforce.ibmcloud.com/vulnerabilities/68937


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###