This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in an user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://zerodayinitiative.com/advisories/ZDI-18-560 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: zdi
Published: 2018-09-24T23:00:00
Updated: 2024-08-05T07:39:07.944Z
Reserved: 2018-04-27T00:00:00
Link: CVE-2018-10502
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-09-24T23:29:01.087
Modified: 2024-11-21T03:41:27.043
Link: CVE-2018-10502
Redhat
No data.