Remote Code Execution Vulnerability in Adobe PhoneGap on Android
CVE-2014-1883

Currently unrated

Key Information:

Vendor: Adobe
Status: Phonegap
Vendor: CVE Published:; 3 March 2014

Summary

Adobe PhoneGap prior to version 2.6.0 on Android is vulnerable to a remote code execution flaw stemming from its improper use of the shouldOverrideUrlLoading callback instead of the expected shouldInterceptRequest callback. This oversight can be exploited by remote attackers, allowing them to bypass intended restrictions on device resources. The vulnerability can be triggered through content loaded in IFRAME elements or via XMLHttpRequest methods initiated by malicious applications.

References

http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf

x_refsource_MISC

http://www.internetsociety.org/ndss2014/programme#session3

x_refsource_MISC

http://seclists.org/bugtraq/2014/Jan/96

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Mar 3, 2014
Vulnerability Reserved
Feb 7, 2014