SB2018010101 - Multiple vulnerabilities in Google Android 




Published: January 1, 2018

Security Bulletin ID: SB2018010101
Severity: High
Patch available: YES
Number of vulnerabilities: 21
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 19% Medium 43% Low 38%

Description

This security bulletin contains information about 21 security vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2017-13183)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to insufficient privilege controls. A local attacker can use a specially crafted application, trigger an error in the Media framework component, gain system privileges and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

2) Remote code execution (CVE-ID: CVE-2017-13208)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in System components. A remote attacker can send a specially crafted file and execute arbitrary code with elevated privileges.

3) Privilege escalation (CVE-ID: CVE-2017-13210)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in System components. A remote attacker can gain system privileges and perform further attacks.

4) Privilege escalation (CVE-ID: CVE-2017-13209)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in System components. A remote attacker can gain system privileges and perform further attacks.

5) Denial of service (CVE-ID: CVE-2017-13211)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in System components and cause the service to crash.

6) Denial of service (CVE-ID: CVE-2017-13199)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.

7) Denial of service (CVE-ID: CVE-2017-13197)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.

8) Denial of service (CVE-ID: CVE-2017-13196)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.

9) Denial of service (CVE-ID: CVE-2017-13195)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.

10) Denial of service (CVE-ID: CVE-2017-13193)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.

11) Denial of service (CVE-ID: CVE-2017-13192)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.

12) Denial of service (CVE-ID: CVE-2017-13191)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.

13) Denial of service (CVE-ID: CVE-2017-0855)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted file, trigger an error in the Media framework component and cause the service to crash.

14) Privilege escalation (CVE-ID: CVE-2017-13184)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the Media framework component. A remote attacker can gain system privileges and perform further attacks.

15) Privilege escalation (CVE-ID: CVE-2017-13182)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the Media framework component. A remote attacker can gain system privileges and perform further attacks.

16) Privilege escalation (CVE-ID: CVE-2017-13181)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the Media framework component. A remote attacker can gain system privileges and perform further attacks.

17) Privilege escalation (CVE-ID: CVE-2017-13180)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the Media framework component. A remote attacker can gain system privileges and perform further attacks.

18) Remote code execution (CVE-ID: CVE-2017-13179)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the Media framework component. A remote attacker can send a specially crafted file and execute arbitrary code with elevated privileges.

19) Remote code execution (CVE-ID: CVE-2017-13178)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the Media framework component. A remote attacker can send a specially crafted file and execute arbitrary code with elevated privileges.

20) Remote code execution (CVE-ID: CVE-2017-13177)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the Media framework component. A remote attacker can send a specially crafted file and execute arbitrary code with elevated privileges.

21) Privilege escalation (CVE-ID: CVE-2017-13176)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the Android runtime component. A remote attacker can gain system privileges and perform further attacks.

Remediation

Install the update from the vendor's website.