This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in an user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2018-09-24T23:00:00

Updated: 2024-08-05T07:39:07.944Z

Reserved: 2018-04-27T00:00:00

Link: CVE-2018-10502

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-09-24T23:29:01.087

Modified: 2024-11-21T03:41:27.043

Link: CVE-2018-10502

cve-icon Redhat

No data.