nvd-json-data-feeds/CVE-2017/CVE-2017-04xx/CVE-2017-0409.json

{
  "id": "CVE-2017-0409",
  "sourceIdentifier": "security@android.com",
  "published": "2017-02-08T15:59:00.723",
  "lastModified": "2024-11-21T03:02:55.650",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en libstagefright podr\u00eda habilitar a un atacante que utiliza un archivo especialmente manipulado a ejecutar c\u00f3digo arbitrario en el contexto de un proceso no privilegiado. Este problema est\u00e1 clasificado como High debido a la posibilidad de ejecuci\u00f3n remota de c\u00f3digo en una aplicaci\u00f3n que utilice esta librer\u00eda. Producto: Android. Versiones: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "baseScore": 6.8,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC30B2A2-9674-4052-B402-20348E50F9E8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/96091",
      "source": "security@android.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1037798",
      "source": "security@android.com"
    },
    {
      "url": "https://source.android.com/security/bulletin/2017-02-01.html",
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/96091",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1037798",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://source.android.com/security/bulletin/2017-02-01.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}