CVE-2016-6706

{"id": "CVE-2016-6706", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2016-12-13T19:59:01.920", "references": [{"url": "http://www.securityfocus.com/bid/94134", "source": "security@android.com"}, {"url": "https://android.googlesource.com/platform/frameworks/av/+/1d4feebdb85db46e138530f360d9ff2490e14353", "tags": ["Issue Tracking", "Patch"], "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2016-11-01.html", "tags": ["Vendor Advisory"], "source": "security@android.com"}, {"url": "http://www.securityfocus.com/bid/94134", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://android.googlesource.com/platform/frameworks/av/+/1d4feebdb85db46e138530f360d9ff2490e14353", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://source.android.com/security/bulletin/2016-11-01.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31385713."}, {"lang": "es", "value": "Una vulnerabilidad de elevaci\u00f3n de privilegio en libstagefright en Mediaserver en Android 7.0 en versiones anteriores a 2016-11-01 podr\u00eda habilitar una aplicaci\u00f3n maliciosa local para ejecutar c\u00f3digo arbitrario dentro del contexto de un proceso privilegiado. Este problema est\u00e1 clasificado como alto porque podr\u00eda ser utilizado para obtener acceso local a capacidades elevadas, que no son normalmente accesibles para una aplicaci\u00f3n de un tercero. Android ID: A-31385713."}], "lastModified": "2024-11-21T02:56:40.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "595E33EF-6B21-425B-929C-6B883FA50081", "versionEndIncluding": "7.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}