DiutesEx.A
AppRisk Coverage: Yes
Type: Exploit
OWASP: M4: Unintended Data Leakage
Aliases:
- Exploit/DiutesEx.A
Platform: Android
File size (bytes): N/A
Filename: N/A
App title: N/A
MD5 Hash: N/A
SHA1 hash: N/A
Affected CVE:
- CVE-2012-4222
Details or analysis:
This is a trojan that exploits a vulnerability found in Android (before version 2.2.3) that may result in the trojan gaining root access to the Android device.
This exploit code may be bundled with other malware for the purpose of rooting the device.
CVE-2012-4222 is a vulnerability in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2. It allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call. The vulnerable code is in “drivers/gpu/msm/kgsl.c”.