admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2020/CVE-2020-0074.md

22 lines
1.1 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2020-0074](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0074)
![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
### Description
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146204120
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Nivaskumark/CVE-2020-0074-frameworks_base
- https://github.com/Nivaskumark/CVE-2020-0074-frameworks_base_after
- https://github.com/Nivaskumark/CVE-2020-0074-frameworks_base_old
- https://github.com/Nivaskumark/CVE-2020-0074-frameworks_base_old1
Reference in New Issue Copy Permalink