CVE-2020-5764 Information

Description

MX Player Android App versions prior to v1.24.5 are vulnerable to a directory traversal vulnerability when the user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone but being saved outside of the intended "/sdcard/MXshare" directory. In some instances an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.tenable.com/security/research/tra-2020-41

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
