Input validation error in Google, Google Android

Published: 2011-08-12 | Updated: 2020-08-11

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2011-2357
CWE-ID	CWE-20
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	Google Android Operating systems & Components / Operating system
Vendor	Google

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Input validation error

EUVDB-ID: #VU44801

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2011-2357

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 2.3.4 - 3.1

CPE2.3

External links

https://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17
https://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b
https://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e
https://blog.watchfire.com/files/advisory-android-browser.pdf
https://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html
https://osvdb.org/74260
https://seclists.org/fulldisclosure/2011/Aug/9
https://secunia.com/advisories/45457
https://securityreason.com/securityalert/8335
https://securitytracker.com/id?1025881
https://www.infsec.cs.uni-saarland.de/projects/android-vuln/
https://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf
https://www.securityfocus.com/archive/1/519146/100/0/threaded
https://www.securityfocus.com/bid/48954
https://exchange.xforce.ibmcloud.com/vulnerabilities/68937

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.