CVE-2014-1939 - OpenCVE

java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Lenovo	Shareit

Configuration 1 [-]

OR	cpe:2.3:o:google:android::::::::
	cpe:2.3:o:google:android:4.0:::::::*
	cpe:2.3:o:google:android:4.0.1:::::::*
	cpe:2.3:o:google:android:4.0.2:::::::*
	cpe:2.3:o:google:android:4.0.3:::::::*
	cpe:2.3:o:google:android:4.0.4:::::::*
	cpe:2.3:o:google:android:4.1:::::::*
	cpe:2.3:o:google:android:4.1.2:::::::*
	cpe:2.3:o:google:android:4.2:::::::*
	cpe:2.3:o:google:android:4.2.1:::::::*
	cpe:2.3:o:google:android:4.2.2:::::::*
	cpe:2.3:o:google:android:4.3:::::::*

Configuration 2 [-]

cpe:2.3:a:lenovo:shareit:*:*:*:*:*:android:*:*

No data.

References

Link	Providers
http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html
http://openwall.com/lists/oss-security/2014/02/11/2
https://support.lenovo.com/us/en/product_security/len_6421

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-03-03T02:00:00

Updated: 2024-08-06T09:58:15.988Z

Reserved: 2014-02-10T00:00:00

Link: CVE-2014-1939

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-03-03T04:50:46.453

Modified: 2016-05-26T12:22:39.743

Link: CVE-2014-1939

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-08T00:00:00", "descriptions": [{"lang": "en", "value": "java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-05-23T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html"}, {"name": "[oss-security] 20140210 CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/02/11/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/len_6421"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1939", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html", "refsource": "CONFIRM", "url": "http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html"}, {"name": "[oss-security] 20140210 CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/02/11/2"}, {"name": "https://support.lenovo.com/us/en/product_security/len_6421", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/len_6421"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:58:15.988Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html"}, {"name": "[oss-security] 20140210 CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/02/11/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/product_security/len_6421"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1939", "datePublished": "2014-03-03T02:00:00", "dateReserved": "2014-02-10T00:00:00", "dateUpdated": "2024-08-06T09:58:15.988Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C2C07AF-6B89-4B53-826B-BBB1E1A61D33", "versionEndIncluding": "4.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:shareit:*:*:*:*:*:android:*:*", "matchCriteriaId": "C02B18C8-61E1-4655-BD2D-8225EFBACFF2", "versionEndIncluding": "3.5.88_ww", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels."}, {"lang": "es", "value": "java/android/webkit/BrowserFrame.java en Android anterior a 4.4 utiliza la API addJavascriptInterface en conjunto con la creaci\u00f3n de un objeto de la clase SearchBoxImpl, lo que permite a atacantes ejecutar c\u00f3digo Java arbitrario mediante el aprovechamiento del acceso a la interfaz searchBoxJavaBridge_ en ciertos niveles API de Android."}], "id": "CVE-2014-1939", "lastModified": "2016-05-26T12:22:39.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-03T04:50:46.453", "references": [{"source": "cve@mitre.org", "url": "http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/02/11/2"}, {"source": "cve@mitre.org", "url": "https://support.lenovo.com/us/en/product_security/len_6421"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}