CVE-2013-4710

Android <4.1.x - RCE

Title source: llm

Description

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotehardware

https://www.exploit-db.com/exploits/31519

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by Snip3R69 · poc

https://github.com/Snip3R69/CVE-2013-4710-WebView-RCE-Vulnerability

View Code ZIP pw:eip

exploitdb WORKING POC

rubylocalandroid

https://www.exploit-db.com/exploits/41675

View Code ZIP pw:eip

References (10)

[Various Sources] http://50.56.33.56/blog/?p=314

[Various Sources] http://emobile.jp/products/sh/a01sh/systemsoftware.html

[Mailing List] http://openwall.com/lists/oss-security/2014/02/18/11

[Third Party Advisory] http://jvn.jp/en/jp/JVN53768697/113349/index.html

[Third Party Advisory] http://jvn.jp/en/jp/JVN53768697/397327/index.html

[Third Party Advisory] http://jvn.jp/en/jp/JVN53768697/995293/index.html

[Third Party Advisory] http://jvn.jp/en/jp/JVN53768697/995312/index.html

[Third Party Advisory] http://jvn.jp/en/jp/JVN53768697/995417/index.html

[Third Party Advisory] http://jvn.jp/en/jp/JVN53768697/index.html

[Third Party Advisory] http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111

Scores

EPSS 0.7638

EPSS Percentile 98.9%

Details

CWE

CWE-20

Status published

Products (14)

google/android 3.0

google/android 3.1

google/android 3.2

google/android 3.2.1

google/android 3.2.2

google/android 3.2.4

google/android 3.2.6

google/android 4.0

google/android 4.0.1

google/android 4.0.2

... and 4 more

Published Mar 03, 2014

Tracked Since Feb 18, 2026