CVE-2014-7911

This is a local privilege escalation (LPE) exploit for CVE-2014-7911 targeting Android 4.4.4 on Nexus 5. It leverages deserialization vulnerabilities in the Android system service to escalate from an app context to system privileges, then chains with CVE-2014-4322 for root access.

This repository contains a proof-of-concept exploit for CVE-2014-7911, targeting a Java deserialization vulnerability in Android to achieve system privilege escalation. The exploit uses a custom ROP chain and chunk spraying technique to bypass memory protections.

This PoC exploits CVE-2014-7911, a deserialization vulnerability in Android's BinderProxy, to achieve local privilege escalation by crafting a malicious serialized object and leveraging a ROP chain to execute arbitrary commands as the system user.

This repository contains a functional proof-of-concept exploit for CVE-2014-7911, a local privilege escalation vulnerability in Android 4.4.4_r1. The exploit leverages heap spraying and a ROP chain to escalate privileges to the system user (uid=1000).

This repository contains a functional local privilege escalation (LPE) exploit for CVE-2014-7911, targeting Android 4.4.4 on Nexus 5 devices. The exploit leverages deserialization and Binder manipulation to escalate privileges from an app context to system and then to root.

This PoC exploits CVE-2014-7911, a deserialization vulnerability in Android's BinderProxy class. It manipulates serialized data to trigger arbitrary code execution by exploiting the IUserManager service.