Sign-up

ID

VAR-201712-0009


CVE

CVE-2015-7889


TITLE

Samsung S6 Edge Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-008080

DESCRIPTION

The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. Samsung S6 Edge Contains a permission vulnerability.Information may be obtained. Samsung SecEmailComposer is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges within the context of the application.

Trust: 1.89

sources: NVD: CVE-2015-7889 // JVNDB: JVNDB-2015-008080 // BID: 77339

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:lteversion:5.1.1

Trust: 1.0

vendor:samsungmodel:galaxy s6scope:eqversion:edge

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:5.1.1

Trust: 0.6

vendor:samsungmodel:secemailcomposerscope:eqversion:0

Trust: 0.3

vendor:samsungmodel:galaxy s6 edgescope:eqversion:0

Trust: 0.3

sources: BID: 77339 // JVNDB: JVNDB-2015-008080 // CNNVD: CNNVD-201511-046 // NVD: CVE-2015-7889

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7889
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7889
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201511-046
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2015-7889
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2015-7889
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2015-008080 // CNNVD: CNNVD-201511-046 // NVD: CVE-2015-7889

PROBLEMTYPE DATA

problemtype:CWE-275

Trust: 1.8

sources: JVNDB: JVNDB-2015-008080 // NVD: CVE-2015-7889

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-046

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201511-046

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008080

PATCH
title:Issue 490url:https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1
Trust: 0.8
title:Galaxy S6 edgeurl:http://www.galaxymobile.jp/galaxy-s6-edge/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-008080

EXTERNAL IDS
db:NVDid:CVE-2015-7889
Trust: 2.7
db:BIDid:77339
Trust: 1.9
db:EXPLOIT-DBid:38558
Trust: 1.6
db:PACKETSTORMid:134105
Trust: 1.6
db:JVNDBid:JVNDB-2015-008080
Trust: 0.8
db:CNNVDid:CNNVD-201511-046
Trust: 0.6
sources:
            
            
            BID: 77339 // 
            
            
            
            JVNDB: JVNDB-2015-008080 // 
            
            
            
            CNNVD: CNNVD-201511-046 // 
            
            
            
            NVD: CVE-2015-7889

REFERENCES
url:http://www.securityfocus.com/bid/77339
Trust: 1.6
url:http://packetstormsecurity.com/files/134105/samsung-secemailcomposer-quick_reply_background-permission-weakness.html
Trust: 1.6
url:https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1
Trust: 1.6
url:https://www.exploit-db.com/exploits/38558/
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7889
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-7889
Trust: 0.8
url:http://www.samsung.com/
Trust: 0.3
sources:
            
            
            BID: 77339 // 
            
            
            
            JVNDB: JVNDB-2015-008080 // 
            
            
            
            CNNVD: CNNVD-201511-046 // 
            
            
            
            NVD: CVE-2015-7889

CREDITS
forshaw
Trust: 0.9
sources:
            
            
            BID: 77339 // 
            
            
            
            CNNVD: CNNVD-201511-046

SOURCES
db:BIDid:77339
db:JVNDBid:JVNDB-2015-008080
db:CNNVDid:CNNVD-201511-046
db:NVDid:CVE-2015-7889

LAST UPDATE DATE
2024-11-23T22:52:15.664000+00:00

SOURCES UPDATE DATE
db:BIDid:77339date:2015-10-28T00:00:00
db:JVNDBid:JVNDB-2015-008080date:2018-02-02T00:00:00
db:CNNVDid:CNNVD-201511-046date:2018-01-02T00:00:00
db:NVDid:CVE-2015-7889date:2024-11-21T02:37:36.657

SOURCES RELEASE DATE
db:BIDid:77339date:2015-10-28T00:00:00
db:JVNDBid:JVNDB-2015-008080date:2018-02-02T00:00:00
db:CNNVDid:CNNVD-201511-046date:2015-10-28T00:00:00
db:NVDid:CVE-2015-7889date:2017-12-28T02:29:03.377