CVE-2016-0811

HIGH

Android 6.x - Exposure of Sensitive Information via Integer Overflow in BnCrypto::onTransact

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0811. PoCs published by codecat007.

AI-analyzed exploit summary The PoC exploits CVE-2016-0811, a memory corruption vulnerability in Android's MediaDrm service, by crafting malicious Parcel data to trigger an integer overflow in the CryptoPlugin::SubSample handling. This leads to a heap-based buffer overflow, potentially allowing arbitrary code execution.

Description

Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375.

Exploits (1)

github WORKING POC 8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/securityPatch/CVE-2016-0811

The PoC exploits CVE-2016-0811, a memory corruption vulnerability in Android's MediaDrm service, by crafting malicious Parcel data to trigger an integer overflow in the CryptoPlugin::SubSample handling. This leads to a heap-based buffer overflow, potentially allowing arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Android (MediaDrm service, versions prior to 2016 security patch)
No auth needed
Prerequisites: Access to the target device's Binder interface · MediaDrm service running on the device
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0007
EPSS Percentile 21.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
google/android 6.0
google/android 6.0.1
Published Feb 07, 2016
Tracked Since Feb 18, 2026