CVE-2012-6301

Google Android - Improper Input Validation

Title source: rule

Description

The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.

Exploits (1)

metasploit WORKING POC

by Jean Pascal Pereira, Jonathan Waggoner · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/android/android_stock_browser_iframe.rb

View Code ZIP pw:eip

References (1)

[Exploit] http://packetstormsecurity.org/files/118539/Android-4.0.3-Browser-Crash.html

Scores

EPSS 0.4303

EPSS Percentile 97.5%

Details

CWE

CWE-20

Status published

Products (1)

google/android 4.0.3

Published Dec 10, 2012

Tracked Since Feb 18, 2026