Android 7 < 9 - Remote Code Execution

Exploit Database
76 阅读

作者： Marcin Kozlowski

日期： 2019-07-24
类别：
- remote
平台：
- android
来源：https://www.exploit-db.com/exploits/47157/

# Exploit Title: Android 7-9 - Remote Code Execution
# Date: [date]
# Exploit Author: Marcin Kozlowski
# Version: 7-9
# Tested on: Android
# CVE : 2019-2107

CVE-2019-2107 - looks scary. Still remember Stagefright and PNG bugs vulns .... 
With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video (with tiles enabled - ps_pps->i1_tiles_enabled_flag) you can possibly do RCE. The codec affected is HVEC (a.k.a H.265 and MPEG-H Part 2)

POC:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47157.zip

last Exploits
Android 7 < 9 - Remote Code Execution的更多信息

F5 FirePass 7.0 – SQL Injection：
(Gabriel’s FTP Server) Open & Compact FTPd 1.2 – Remote Overflow：
Oracle AutoVue 20.0.1 – ‘AutoVueX.ocx’ ActiveX Control ‘ExportEdaBom()’ Insecure Method：
Skype – URI Handler Input Validation：
Wireshark 1.2.5 – LWRES getaddrbyname Buffer Overflow：
Adobe RoboHelp Server 8 – Arbitrary File Upload / Execution (Metasploit)：
OpenSSH 2.3 < 7.7 - Username Enumeration：
Disk Savvy Enterprise 10.4.18 – Stack-Based Buffer Overflow (Metasploit)：