CVE-2008-0986
Google Android SDK m3-rc37a and earlier, m5-rc14 - Remote Code Execution via BMP Header Integer Overflow
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-0986. PoCs published by Alfredo Ortega.
AI-analyzed exploit summary
This exploit leverages an integer overflow vulnerability in the Android Web Browser (SDK m5-rc14 and earlier) to execute arbitrary code. It generates a malformed BMP file and uses JavaScript to manipulate memory, triggering a jump to a controlled address.
Description
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.