SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2014-7952

The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.8		CVSS Score : 4.6
Exploit Score: 1.8		Exploit Score: 3.9
Impact Score: 5.9		Impact Score: 6.4

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: LOCAL		Access Vector: LOCAL
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: LOW		Authentication: NONE
User Interaction: NONE		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: PARTIAL
Confidentiality: HIGH		Availability: PARTIAL
Integrity: HIGH
Availability: HIGH

Reference:

http://www.securityfocus.com/archive/1/535980/100/0/threaded

BID-75705

http://packetstormsecurity.com/files/132645/ADB-Backup-APK-Injection.html

http://www.search-lab.hu/about-us/news/110-android-adb-backup-apk-injection-vulnerability

https://github.com/irsl/ADB-Backup-APK-Injection/


30479



423868



248392



909



195452



282