Remote Code Execution Vulnerability in Samsung Internet Browser
CVE-2018-10496

8.8HIGH

Key Information:

Vendor: Samsung
Status: Samsung Internet Browser
Vendor: CVE Published:; 24 September 2018

Summary

A remote code execution vulnerability exists in the Samsung Internet Browser due to improper handling of TypedArray objects. Attackers can exploit this vulnerability by tricking users into visiting a malicious webpage or opening a harmful file, allowing the attacker to execute arbitrary code within the context of the affected process. The lack of object validation prior to executing operations enables this exploit, leading to potential compromise of the user's system.

Affected Version(s)

Samsung Internet Browser Fixed in version 6.4.0.15

References

https://zerodayinitiative.com/advisories/ZDI-18-555

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 24, 2018
Vulnerability Reserved
Apr 27, 2018