CVE-2015-6611

Severity Level: High
AppRisk Coverage: Yes
Type: Vulnerability
OWASP: M4: Unintended Data Leakage
Aliases:

• Information Disclosure Vulnerabilities in Mediaserver
• Stagefright 2.0

Platform: Android
File size (bytes): N/A
Filename: N/A
App title: N/A
MD5 Hash: N/A
SHA1 hash: N/A
Affected CVE:

• CVE-2015-6611

Details or analysis:

There are information disclosure vulnerabilities in mediaserver that can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform.

Mediaserver service could be invoked when receiving media content from MMS messages, and browser playback of media. The mediaserver service has access to audio and video streams as well as access to privileges that third-party apps cannot normally access.

Reference:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6611
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6611
• https://source.android.com/security/bulletin/2015-11-01.html