CVE-2013-4710 Information
Description
Android 3.0 through 4.1.x on Disney Mobile eAccess KDDI NTT DOCOMO SoftBank and other devices does not properly implement the WebView class which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page as demonstrated by use of the WebView.addJavascriptInterface method a related issue to CVE-2012-6636.
Reference
http://50.56.33.56/blog/?p=314 http://emobile.jp/products/sh/a01sh/systemsoftware.html http://jvn.jp/en/jp/JVN53768697/113349/index.html http://jvn.jp/en/jp/JVN53768697/397327/index.html http://jvn.jp/en/jp/JVN53768697/995293/index.html http://jvn.jp/en/jp/JVN53768697/995312/index.html http://jvn.jp/en/jp/JVN53768697/995417/index.html http://jvn.jp/en/jp/JVN53768697/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111 http://openwall.com/lists/oss-security/2014/02/18/11
Share on: