cve/CVE-2020-0074.md at eda58812c5773678e9432b65209fee245db925e7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146204120

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Nivaskumark/CVE-2020-0074-frameworks_base
https://github.com/Nivaskumark/CVE-2020-0074-frameworks_base_after
https://github.com/Nivaskumark/CVE-2020-0074-frameworks_base_old
https://github.com/Nivaskumark/CVE-2020-0074-frameworks_base_old1

1.1 KiB Raw Blame History

CVE-2020-0074

Description

POC

Reference

Github

1.1 KiB

Raw Blame History