CVE-2013-4710 in Androidinfo

Summary

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

06/26/2013

Disclosure

03/02/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
66499	Google Android webView Class input validation	20	High	Not defined	CVE-2013-4710
12234	Google Android webView Class addJavascriptInterface input validation	20	High	Official fix	CVE-2013-4710

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!