CVE-2013-4710: Input Validation
First published: Mon Mar 03 2014(Updated: )
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | =3.0 | |
| Android | =3.1 | |
| Android | =3.2 | |
| Android | =3.2.1 | |
| Android | =3.2.2 | |
| Android | =3.2.4 | |
| Android | =3.2.6 | |
| Android | =4.0 | |
| Android | =4.0.1 | |
| Android | =4.0.2 | |
| Android | =4.0.3 | |
| Android | =4.0.4 | |
| Android | =4.1 | |
| Android | =4.1.2 | |
| =3.0 | ||
| =3.1 | ||
| =3.2 | ||
| =3.2.1 | ||
| =3.2.2 | ||
| =3.2.4 | ||
| =3.2.6 | ||
| =4.0 | ||
| =4.0.1 | ||
| =4.0.2 | ||
| =4.0.3 | ||
| =4.0.4 | ||
| =4.1 | ||
| =4.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://50.56.33.56/blog/?p=314
- http://emobile.jp/products/sh/a01sh/systemsoftware.html
- http://jvn.jp/en/jp/JVN53768697/113349/index.html
- http://jvn.jp/en/jp/JVN53768697/397327/index.html
- http://jvn.jp/en/jp/JVN53768697/995293/index.html
- http://jvn.jp/en/jp/JVN53768697/995312/index.html
- http://jvn.jp/en/jp/JVN53768697/995417/index.html
- http://jvn.jp/en/jp/JVN53768697/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111
- http://openwall.com/lists/oss-security/2014/02/18/11
Frequently Asked Questions
What is the severity of CVE-2013-4710?
CVE-2013-4710 is considered a critical vulnerability due to the potential for remote code execution or denial of service.
How do I fix CVE-2013-4710?
To remediate CVE-2013-4710, it is recommended to upgrade to a patched version of the Android operating system, beyond 4.1.
Which devices are affected by CVE-2013-4710?
CVE-2013-4710 affects various Android devices running versions 3.0 to 4.1.x, including those from Disney Mobile, eAccess, KDDI, NTT DOCOMO, and SoftBank.
What type of attack can exploit CVE-2013-4710?
CVE-2013-4710 can be exploited via crafted web pages that allow attackers to execute arbitrary Java methods on vulnerable Android devices.
What versions of Android are vulnerable to CVE-2013-4710?
The vulnerable versions of Android for CVE-2013-4710 include 3.0 through 4.1.2.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/google
- canonical/android
- version/android/3.0
- version/android/3.1
- version/android/3.2
- version/android/3.2.1
- version/android/3.2.2
- version/android/3.2.4
- version/android/3.2.6
- version/android/4.0
- version/android/4.0.1
- version/android/4.0.2
- version/android/4.0.3
- version/android/4.0.4
- version/android/4.1
- version/android/4.1.2