CVE-2014-4968

HIGH

Boat Browser 8.0 and 8.0.1 - Remote Code Execution via WebView.addJavascriptInterface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4968. PoCs published by c0otlass.

AI-analyzed exploit summary This exploit leverages a vulnerability in Boat Browser's WebView.addJavascriptInterface method to achieve remote code execution on Android devices. The PoC demonstrates arbitrary command execution by writing a file to the SD card via Java reflection.

Description

The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636.

Exploits (1)

exploitdb WORKING POC

by c0otlass · htmlremoteandroid

https://www.exploit-db.com/exploits/34088

View Code ZIP pw:eip

This exploit leverages a vulnerability in Boat Browser's WebView.addJavascriptInterface method to achieve remote code execution on Android devices. The PoC demonstrates arbitrary command execution by writing a file to the SD card via Java reflection.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Boat Browser versions 8.0 and 8.0.1 (Android 3.0 through 4.1.x)

No auth needed

Prerequisites: Victim must visit a malicious webpage using vulnerable Boat Browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://www.exploit-db.com/exploits/34088/

Scores

CVSS v3 8.8

EPSS 0.0608

EPSS Percentile 92.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (2)

boatmob/boat_browser 8.0

boatmob/boat_browser 8.0.1

Published Feb 12, 2020

Tracked Since Feb 18, 2026