Vulnerabilities > CVE-2015-1538 - Numeric Errors vulnerability in Google Android
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Android Stagefright - Remote Code Execution. CVE-2015-1538. Remote exploit for android platform |
| file | exploits/android/remote/38124.py |
| id | EDB-ID:38124 |
| last seen | 2016-02-04 |
| modified | 2015-09-09 |
| platform | android |
| port | |
| published | 2015-09-09 |
| reporter | Joshua J. Drake |
| source | https://www.exploit-db.com/download/38124/ |
| title | Android Stagefright - Remote Code Execution |
| type | remote |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/133521/androidstagefright-exec.txt |
| id | PACKETSTORM:133521 |
| last seen | 2016-12-05 |
| published | 2015-09-10 |
| reporter | jduck |
| source | https://packetstormsecurity.com/files/133521/Android-Stagefright-Remote-Code-Execution.html |
| title | Android Stagefright Remote Code Execution |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:89388 |
| last seen | 2017-11-19 |
| modified | 2015-09-10 |
| published | 2015-09-10 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-89388 |
| title | Android Stagefright Media Playback Engine 远程代码执行漏洞 |
The Hacker News
id THN:75E875328988E7A8477652A8F3892840 last seen 2018-01-27 modified 2015-09-14 published 2015-09-14 reporter Mohit Kumar source https://thehackernews.com/2015/09/hackernews-popular-updates.html title THN Weekly Roundup — 15 Most Popular Cyber Security and Hacking News Stories id THN:6EF19BF277B793F5A36108AF7A72F0D4 last seen 2018-01-27 modified 2015-09-11 published 2015-09-11 reporter Khyati Jain source https://thehackernews.com/2015/09/stagefright-android-exploit-code.html title Android Stagefright Exploit Code Released
Related news
References
- http://packetstormsecurity.com/files/134131/Libstagefright-Integer-Overflow-Check-Bypass.html
- http://www.huawei.com/en/psirt/security-advisories/hw-448928
- http://www.securityfocus.com/bid/76052
- http://www.securitytracker.com/id/1033094
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm
- https://android.googlesource.com/platform/frameworks/av/+/2434839bbd168469f80dd9a22f1328bc81046398
- https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
- https://www.exploit-db.com/exploits/38124/