CVE-2015-6608

Severity Level: High
AppRisk Coverage: Yes
Type: Vulnerability
OWASP: M4: Unintended Data Leakage
Aliases:

• Remote Code Execution Vulnerabilities in Mediaserver
• Stagefright 2.0

Platform: Android
File size (bytes): N/A
Filename: N/A
App title: N/A
MD5 Hash: N/A
SHA1 hash: N/A
Affected CVE:

• CVE-2015-6608

Details or analysis:

This is a remote code execution vulnerability.

The mediaserver service in Android OS 4.4 before 5.1.1 (build LMY48X) and 6.0 before 2015-11-01 could allow remote attackers to execute arbitrary code, or cause a denial of service (memory corruption) via a crafted media file.

Mediaserver service could be invoked when receiving media content from MMS messages, and browser playback of media. The mediaserver service has access to audio and video streams as well as access to privileges that third-party apps cannot normally access.

Reference:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6608
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6608
• https://source.android.com/security/bulletin/2015-11-01.html