CVE-2012-6301

Android 4.0.3 - Denial of Service via Crafted Market URI in IFRAME

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6301. PoCs published by Jean Pascal Pereira, Jonathan Waggoner, including Metasploit module auxiliary/dos/android/android_stock_browser_iframe.

AI-analyzed exploit summary: This Metasploit module exploits a vulnerability in the Android Stock Browser (version 4.0.3) by serving a malicious webpage that crashes the browser via excessive iframe creation with invalid 'market://' URIs. The exploit triggers a denial-of-service (DoS) condition.

Description

The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.

Exploits (1)

metasploit WORKING POC
by Jean Pascal Pereira, Jonathan Waggoner · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/android/android_stock_browser_iframe.rb

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Android Stock Browser 4.0.3
No auth needed
Prerequisites: Victim must visit the malicious webpage
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.4303
EPSS Percentile: 97.6%

Details

CWE: CWE-20
Status: published
Products (1): google/android 4.0.3
Published: Dec 10, 2012
Tracked Since: Feb 18, 2026