CVE-2015-6620
Android < 5.1.1 LMY48Z and 6.0 < 2015-12-01 - Privilege Escalation via libstagefright
Exploitation Summary
EIP tracks 2 public exploits for CVE-2015-6620. PoCs published by flankerhqd.
AI-analyzed exploit summary: This PoC exploits CVE-2015-6620, a memory corruption vulnerability in Android's mediaserver, to achieve arbitrary code execution. It uses a combination of heap spraying and DRM session manipulation to trigger the vulnerability and gain control over program execution.
Description
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127.
Exploits (2)
This PoC exploits CVE-2015-6620, a memory corruption vulnerability in Android's mediaserver, to achieve arbitrary code execution. It uses a combination of heap spraying and DRM session manipulation to trigger the vulnerability and gain control over program execution.
This PoC demonstrates an arbitrary write vulnerability in Android's AMessage unmarshaling (CVE-2015-6620) by exploiting an out-of-bounds write in the `mNumItems` loop. It targets the mediaserver via the IStreamListener interface, leading to memory corruption and potential RCE.