Description
The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response.
References (6)
Core 6
Core References
Exploit x_refsource_misc
http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/
Exploit x_refsource_misc
http://www.youtube.com/watch?v=_j1RKtTxZ3k
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/102575
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90977
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65128
Various Sources x_refsource_misc
https://play.google.com/store/apps/details?id=com.microsoft.bing
Scores
EPSS
0.1371
EPSS Percentile
96.0%
Details
CWE
CWE-94
Status
published
Products (1)
microsoft/bing
< 4.2.0
Published
Jan 25, 2014
Tracked Since
Feb 18, 2026