CVE-2016-6707

HIGH

Android 6.x-7.0 - Privilege Escalation via System Server

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-6707. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a vulnerability in Android's Bitmap handling to unmap arbitrary memory regions in a remote process, leading to remote code execution (RCE) by manipulating ashmem regions and garbage collection to overwrite critical memory structures like thread stacks.

Description

An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textremoteandroid

https://www.exploit-db.com/exploits/40874

View Code ZIP pw:eip

This exploit leverages a vulnerability in Android's Bitmap handling to unmap arbitrary memory regions in a remote process, leading to remote code execution (RCE) by manipulating ashmem regions and garbage collection to overwrite critical memory structures like thread stacks.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Android (versions affected by CVE-2016-6707)

No auth needed

Prerequisites: Access to a vulnerable Android device or process · Ability to send crafted Parcel data to the target process

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory x_refsource_misc

https://bugs.chromium.org/p/project-zero/issues/detail?id=928

Third Party Advisory x_refsource_misc

https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/94164

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40874/

Vendor Advisory x_refsource_confirm

https://source.android.com/security/bulletin/2016-11-01.html

Scores

CVSS v3 7.8

EPSS 0.0415

EPSS Percentile 89.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (5)

google/android 7.0

google/android 6.0 - 6.0.1

Google Inc./Android Android-6.0

Google Inc./Android Android-6.0.1

Google Inc./Android Android-7.0

Published Nov 25, 2016

Tracked Since Feb 18, 2026