Google Android CVE-2017-0781 Heap Buffer Overflow Vulnerability

Google Android is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

This issue is being tracked by Android Bug ID A-63146105.

Information

Bugtraq ID: 100810
Class: Boundary Condition Error
CVE: CVE-2017-0781

Remote: Yes
Local: No
Published: Sep 12 2017 12:00AM
Updated: Sep 12 2017 12:00AM
Credit: Ben Seri and Gregory Vishnepolsky of Armis.
Vulnerable: Google Android 7.1.1
Google Android 6.0.1
Google Android 5.1.1
Google Android 5.0.2
Google Android 4.4.4
Google Android 8.0
Google Android 7.1.2
Google Android 7.0
Google Android 6.0

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• Android Homepage (Google)
  
• The IoT Attack Vector â??BlueBorneâ? Exposes Almost Every Connected Device (Armis)
  
• Android Security Bulletinâ??September 2017 (Google)
  
• VU#240311 Multiple Bluetooth implementation vulnerabilities affect many devices (CERT)
  

Source: www.securityfocus.com