CVE-2010-4804

Android < 2.3.4 - Unauthorized SD Card Data Exposure via Crafted Content URIs

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-4804. PoCs published by Thomas Cannon, thomascannon, Thomas Cannon, jduck, including Metasploit module auxiliary/gather/android_htmlfileprovider.

AI-analyzed exploit summary This exploit leverages a vulnerability in Android's content:// URI handling to disclose sensitive files via JavaScript executed in the context of the local device. It uses a multi-stage approach to exfiltrate file contents to a remote server.

Description

The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.

Exploits (3)

exploitdb WORKING POC
by Thomas Cannon · phpwebappsandroid
https://www.exploit-db.com/exploits/18164

This exploit leverages a vulnerability in Android's content:// URI handling to disclose sensitive files via JavaScript executed in the context of the local device. It uses a multi-stage approach to exfiltrate file contents to a remote server.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Android < 2.3.4
No auth needed
Prerequisites: Victim must visit the malicious URL using an affected Android device · Server hosting the exploit must be accessible to the victim
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 8 stars
by thomascannon · poc
https://github.com/thomascannon/android-cve-2010-4804

This repository contains functional exploit code for CVE-2010-4804, an Android vulnerability that allows data theft via malicious web pages. The PoC uses a multi-stage attack to force download and execute JavaScript in the context of the local device, exfiltrating file contents to a remote server.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Android < 2.3.4
No auth needed
Prerequisites: Victim must visit the malicious URL using the Android Browser · Server to host the PoC files
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC
by Thomas Cannon, jduck · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/android_htmlfileprovider.rb

This Metasploit module exploits a cross-domain vulnerability in the Android web browser (CVE-2010-4804) to exfiltrate files from a vulnerable device. It uses JavaScript to read local files via XMLHttpRequest and sends the data to an attacker-controlled server.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Android Browser (versions affected by CVE-2010-4804)
No auth needed
Prerequisites: Victim must visit a malicious webpage · Vulnerable Android browser version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Scores

EPSS 0.2695
EPSS Percentile 97.8%

Details

CWE
CWE-200
Status published
Products (8)
google/android 1.5
google/android 1.6
google/android 2.1
google/android 2.2 (2 CPE variants)
google/android 2.2.1
google/android 2.2.2
google/android 2.3 rev1
google/android < 2.3.3
Published Jun 09, 2011
Tracked Since Feb 18, 2026