Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: December 15, 2014
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.
Related Resources (5)
Weakness Type (CWE)
Permissions, Privileges, and Access ControlCWE-264
Upgrade to version 5.0.0
|Attack Vector (AV):||LOCAL|
|Attack Complexity (AC):||HIGH|
|Privileges Required (PR):||NONE|
|User Interaction (UI):||NONE|
|Access Vector (AV):||LOCAL|
|Access Complexity (AC):||MEDIUM|