CVE-2014-1885 Information

Description

The ForzeArmate application for Android when Adobe PhoneGap 2.9.0 or earlier is used allows remote attackers to execute arbitrary JavaScript code and consequently obtain write access to external-storage resources by leveraging control over any Google syndication advertising domain.

Reference

http://openwall.com/lists/oss-security/2014/02/07/9 http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf http://www.internetsociety.org/ndss2014/programmesession3