CVE-2013-4710
Published 2014-03-03
Priority: P265, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 42.62% (98.5th percentile)
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android_api | <= 16.0 | — | |
| android_api | — | — | |
Detection & IOCs
- URL: http://blog.trustlook.com/2013/09/04/alert-android-webview-addjavascriptinterface-code-execution-vulnerability/
- URL: https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-addjavascriptinterface-remote-code-execution/
- URL: https://github.com/mwrlabs/drozer/blob/bcadf5c3fd08c4becf84ed34302a41d7b5e9db63/src/drozer/modules/exploit/mitm/addJavaScriptInterface.py
- Vulnerability check JS: enumerate all objects in `top` and attempt to call `.getClass().forName('java.lang.Runtime')`; success indicates a vulnerable addJavascriptInterface object is exposed in the WebView context.
- Exploit JS pattern: attacker uses Java Reflection via `getClass().forName('java.lang.Runtime').getMethod('getRuntime', null)` inside injected JavaScript to obtain a Runtime instance and execute OS commands.
- MITM / persistent XSS vector: if an attacker can intercept the WebView's HTTP connection or inject persistent XSS into the page loaded by the WebView, they can inject the exploit HTML/JS and obtain a shell.
- The native Android Browser is vulnerable via the `searchBoxJavaBridge_` interface; the Google APIs 4.1.2 release of Android Browser is a confirmed vulnerable target.
- Arch-detection JS fingerprinting: exploit JS probes `navigator.platform` with regexes `/arm/i`, `/mips/i`, `/x86/i` to select the correct payload binary; detect this pattern in injected scripts.
- Approximately 90% of analyzed Android e-commerce apps contained this WebView RCE vulnerability; prioritize scanning APKs for `addJavascriptInterface` usage on API level 16 or earlier targets.
- The vulnerability only affects Android API level 16 (Android < 4.2) and earlier; applications targeting API level 17+ are not affected by this specific issue.
- Ad integrations in Android apps are highlighted as a particularly high-risk attack surface because they commonly use WebViews with addJavascriptInterface, making MITM against ad traffic a viable exploitation path.
CVSS provenance
- nvd: v2.0, 9.3 CRITICAL, AV:N/AC:M/Au:N/C:C/I:C/A:C
- osv: 6.8 MEDIUM
GHSA
GHSA-99c2-83v2-365x: Android 3
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2013-4710 [MEDIUM] CWE-20 GHSA-99c2-83v2-365x: Android 3
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
GHSA
GHSA-9qcw-937q-52w8: The Android API before 17 does not properly restrict the WebView
ghsa_unreviewed·2022-05-13·CVSS 9.3
CVE-2012-6636 [CRITICAL] GHSA-9qcw-937q-52w8: The Android API before 17 does not properly restrict the WebView
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710.
OSV
CVE-2012-6636: The Android API before 17 does not properly restrict the WebView
osv·2014-03-03·CVSS 6.8
CVE-2012-6636 [MEDIUM] CVE-2012-6636: The Android API before 17 does not properly restrict the WebView
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710.
No detection rules found.
Exploit-DB
Android Browser and WebView addJavascriptInterface - Code Execution (Metasploit)
exploitdb·2014-02-07
CVE-2013-4710 Android Browser and WebView addJavascriptInterface - Code Execution (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 "Android",
:arch => ARCH_ARMLE,
:javascript => true,
:rank => ExcellentRanking,
:vuln_test => %Q|
for (i in top) {
try {
top[i].getClass().forName('java.lang.Runtime');
is_vuln = true; break;
} catch(e) {}
}
|
})
def initialize(info = {})
super(update_info(info,
'Name' => 'Android Browser and WebView addJavascriptInterface Code Execution',
'Description' => %q{
This module exploits a privilege escalation issue in Android MSF_LICENSE,
'Author' => [
'jduck', # original msf module
'joev' # static server
],
'References' => [
['URL', 'ht
Exploit-DB
HP Insight Diagnostics 9.4.0.4710 - Local File Inclusion
exploitdb·2013-06-10
CVE-2013-3575 HP Insight Diagnostics 9.4.0.4710 - Local File Inclusion
---
source: https://www.securityfocus.com/bid/60449/info
HP Insight Diagnostics is prone to a local file include vulnerability because it fails to adequately validate user-supplied input.
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
HP Insight Diagnostics 9.4.0.4710 is vulnerable; other versions may also be affected.
https://www.example.com/hpdiags/frontend2/help/pageview.php?path=comparesurvey.html
Exploit-DB
HP Insight Diagnostics - Remote Code Injection
exploitdb·2013-06-10
CVE-2013-3574 HP Insight Diagnostics - Remote Code Injection
---
source: https://www.securityfocus.com/bid/60447/info
HP Insight Diagnostics is prone to a remote code-injection vulnerability.
An attacker can exploit this vulnerability to inject and execute arbitrary code within the context of the affected application.
HP Insight Diagnostics 9.4.0.4710 is vulnerable; other versions may also be affected.
https://www.example.com/hpdiags/frontend2/commands/saveCompareConfig.php?filename=comparesurvey&target=winhardrive&device=&devicePath=C:/hp/hpsmh/data/htdocs/hpdiags/frontend2/help/&category=all&advanced=yes&leftFile=surveybase.xml&leftFileName=&rightFile=survey.lastwebsession.xml&rightFileName=-&changesOnly=yes&overwrite=yes
Exploit-DB
Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)
exploitdb·2012-12-21
CVE-2012-6636 Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)
---
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/exploit/android'
class MetasploitModule OperatingSystems::Match::ANDROID,
:arch => ARCH_ARMLE,
:javascript => true,
:rank => ExcellentRanking,
:vuln_test => VULN_CHECK_JS
)
def initialize(info = {})
super(update_info(info,
'Name' => 'Android Browser and WebView addJavascriptInterface Code Execution',
'Description' => %q{
This module exploits a privilege escalation issue in Android MSF_LICENSE,
'Author' => [
'jduck', # original msf module
'joev' # static server
],
'References' => [
['URL', 'http://blog.trustlook.com/20
Metasploit
Android Browser and WebView addJavascriptInterface Code Execution
metasploit
This module exploits a privilege escalation issue in Android < 4.2's WebView component that arises when untrusted JavaScript code is executed by a WebView that has one or more Interfaces added to it. The untrusted JavaScript code can call into the Java Reflection APIs exposed by the Interface and execute arbitrary commands. Some distributions of the Android Browser app have an addJavascriptInterface call tacked on, and thus are vulnerable to RCE. The Browser app in the Google APIs 4.1.2 release of Android is known to be vulnerable. A secondary attack vector involves the WebViews embedded inside a large number of Android applications. Ad integrations are perhaps the worst offender here. If you can MITM the WebView's HTTP con
arXiv
Security and Privacy Assessment of U.S. and Non-U.S. Android E-Commerce Applications
arxiv_fulltext·2025-10-14
Authors: Urvashi Kishnani (ORCID 0000-0001-6389-5508), University of Denver, Denver, CO, USA; Sanchari Das (ORCID 0000-0003-1299-7867), George Mason University, Fairfax, VA, USA
## Abstract
E-commerce mobile applications are central to global financial transactions, making their security and privacy crucial. In this study, we analyze 92 top-grossing Android e-commerce apps (58 U.S.-based and 34 international) using MobSF, AndroBugs, and RiskInDroid. Our analysis shows widespread SSL and certificate weaknesses, with approximately 92% using unsecured HTTP connections and an average MobSF security score of 40.92/100. Over-privileged permissions were identified
HackerOne
Webview Vulnerablity [OwnCloudAndroid Application]
hackerone·2015-10-11
Hi **OwnCloud Team** ,
### Vulnerability Description:
**What is Webview?:** We can load a remote URL or display HTML pages stored in our application within an activity using WebView. Internally it uses WebKit rendering engine to display web pages. It supports methods to navigate forward and backward, text searches, etc. It has some nice features such as support for the usage of JavaScript.
### Where I found it?
In **SamlWebViewDialog.java.class** located under the path `android/src/com/owncloud/android/ui/dialog/`
I clipped the important code which introduced this vulnerability in your app.
if (mSsoWebView == null) {
// initialize the WebView
mSsoWebView = new SsoWebView(getActivity().getApplicationContext());
mSsoWebView.setFo
- http://50.56.33.56/blog/?p=314
- http://emobile.jp/products/sh/a01sh/systemsoftware.html
- http://jvn.jp/en/jp/JVN53768697/113349/index.html
- http://jvn.jp/en/jp/JVN53768697/397327/index.html
- http://jvn.jp/en/jp/JVN53768697/995293/index.html
- http://jvn.jp/en/jp/JVN53768697/995312/index.html
- http://jvn.jp/en/jp/JVN53768697/995417/index.html
- http://jvn.jp/en/jp/JVN53768697/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111
- http://openwall.com/lists/oss-security/2014/02/18/11