[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] CVE-2015-1574 - Google Email App 4.2.2 remote denial of service

To: fulldisclosure@xxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx
Subject: [FD] CVE-2015-1574 - Google Email App 4.2.2 remote denial of service
From: Hector Marco <hecmargi@xxxxxx>
Date: Fri, 13 Feb 2015 11:14:59 +0100

Hello,


Summary:

A bug in the stock Google email application version 4.4.2.0200 has beenfound. An attacker can remotely perform an Denial Of Service attack bysending a specially crafted email. No interaction from the user isneeded to produce the crash just receive the malicious email.

The CVE-2015-1574 has been assigned. Version 4.2.2.0200 running on aSamsung Galaxy 4 mini fully updated (19 Jan 2015) is affected. Newerversions 4.2.2.0400 are not affected.



Details and proof of concept exploit at:
http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html



Regards,
Hector Marco.
http://hmarco.org

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: Re: [FD] Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability
Next by Date: [FD] CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four
Previous by thread: [FD] Reflecting XSS vulnerabitlies, unrestricted file upload and underlaying CSRF in Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version)
Next by thread: [FD] CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four
Index(es):
- Date
- Thread