Trusted Design

• 重大度: Unknown
• 公開日: 2014-12-15
• 更新日: 2024-08-06

概要

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.

このCVEに関連するMITRE ATT&CKテクニック

• T1557 - Adversary-in-the-Middle
• T1588.007 - Artificial Intelligence
• T1583.002 - DNS Server
• T1192 - Spearphishing Link
• T1121 - Regsvcs/Regasm
• T1063 - Security Software Discovery
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1608.001 - Upload Malware
• T1558 - Steal or Forge Kerberos Tickets
• T1070.008 - Clear Mailbox Data
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1525 - Implant Internal Image
• T1145 - Private Keys
• T1535 - Unused/Unsupported Cloud Regions
• T1155 - AppleScript
• T1042 - Change Default File Association
• T1177 - LSASS Driver
• T1055.013 - Process Doppelgänging
• T1546.008 - Accessibility Features
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1218.005 - Mshta
• T1608 - Stage Capabilities
• T1608.005 - Link Target
• T1497.002 - User Activity Based Checks
• T1606 - Forge Web Credentials
• T1071.002 - File Transfer Protocols
• T1679 - Selective Exclusion
• T1219.003 - Remote Access Hardware
• T1562.001 - Disable or Modify Tools
• T1187 - Forced Authentication
• T1486 - Data Encrypted for Impact
• T1595.003 - Wordlist Scanning
• T1184 - SSH Hijacking
• T1499 - Endpoint Denial of Service
• T1027.004 - Compile After Delivery
• T1090.004 - Domain Fronting
• T1493 - Transmitted Data Manipulation
• T1578.002 - Create Cloud Instance
• T1213.003 - Code Repositories
• T1565.002 - Transmitted Data Manipulation
• T1223 - Compiled HTML File
• T1650 - Acquire Access
• T1498 - Network Denial of Service
• T1159 - Launch Agent
• T1036.006 - Space after Filename
• T1550.002 - Pass the Hash
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1596.005 - Scan Databases
• T1137.002 - Office Test
• T1086 - PowerShell
• T1601.002 - Downgrade System Image
• T1127 - Trusted Developer Utilities Proxy Execution
• T1529 - System Shutdown/Reboot

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

---

← CVE一覧に戻る