CVE-2014-7911
Published: 2014-12-15
Priority P3 · CVSS 2.0 score 7.2 (high) · vector AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 24.35% (97.6th percentile)
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
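The description says the vulnerable ObjectInputStream never verified that a class named in the stream actually met the serialization requirements before instantiating it. The following is an added example (not Android's libcore code) of enforcing that check at class-resolution time, before any instance, and therefore any finalize(), can exist; `CheckedObjectInputStream` and `Greeting` are names chosen here.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;

// Hypothetical hardened reader: refuses any class in the stream that does not
// satisfy the serialization contract, at the point where the class is resolved.
public class CheckedObjectInputStream extends ObjectInputStream {

    public CheckedObjectInputStream(InputStream in) throws IOException {
        super(in);
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        Class<?> cls = super.resolveClass(desc);
        // The check the CVE describes as missing: a class named in the stream
        // must implement Serializable (Externalizable extends it, so it passes).
        if (!Serializable.class.isAssignableFrom(cls)) {
            throw new InvalidClassException(cls.getName(),
                    "refusing to deserialize a class that does not implement Serializable");
        }
        return cls;
    }

    // Constructed sample type that legitimately meets the contract.
    static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Greeting("hello"));
        }
        // A Serializable object round-trips; a stream naming a non-Serializable
        // class is rejected in resolveClass before it is ever allocated.
        try (ObjectInputStream in = new CheckedObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            Greeting g = (Greeting) in.readObject();
            System.out.println("accepted: " + g.text);
        }
    }
}
```

On a standard JDK the library already rejects non-Serializable classes later in readObject; the override moves the rejection earlier, and an explicit allow-list of expected classes in resolveClass is the stronger mitigation for code that only ever expects a few types.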
Affected
43 ranges listed by the source; only one carries version data, the remaining rows are empty.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | <= 4.4.4 | — |
Detection & IOCs (extracted from sources)
- Attack vector targets the java.io.ObjectInputStream deserialization path in Android before 5.0.0; monitor for crafted Parcel/intent delivery to system_server containing serialized objects with malicious finalize methods
- The known proof-of-concept abuses the finalize method of android.os.BinderProxy; detection should look for unexpected invocation of BinderProxy.finalize() triggered via deserialization in system_server context
- Vulnerability is present only in Android versions before 5.0.0; systems running Android 5.0.0 or later are not affected by this specific flaw
No detection rules found.
No public exploits indexed.
Unit42 · blogs_unit42 · 2015-02-20 · CVSS 7.2 [HIGH]
Have You Seen the Latest Threat Intelligence Research from Unit 42?
Unit 42, the Palo Alto Networks threat intelligence team, gathers, researches and analyzes up-to-the-minute threat data, sharing insights with Palo Alto Networks customers, partners and the broader community to better protect enterprises and governments from advanced threats.
You can now have Unit 42 blog posts, research insights and white papers delivered straight to your inbox the minute they're posted. Sign up for a Unit 42 threat intelligence subscription today to be sure you're getting all the latest information from our worldwide threat research team.
Here are some recent highlights from Unit 42:
- CoolReaper Revealed: A Backdoor in Coolpad Android Devices
- Google Chrome Exploitation – A Case Study
- CVE-2014-7911 – A Deep Dive Analysis of Android System Service Vulnerability
Palo Alto Networks, published February 20, 2015. Tags: Malware, Threat Research, CoolReaper, CryptoWall 3.0, CTB-Locker, Google Chrome.
arXiv · arxiv_fulltext · 2022-08-17
An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities
Imen Sayar (University of Toulouse, Blagnac, France; part of this research was conducted while at the University of Luxembourg)
Alexandre Bartel (Umeå University, Umeå, Sweden; part of this research was conducted while at the University of Luxembourg and the University of Copenhagen)
Eric Bodden (Paderborn University, Paderborn, Germany)
Yves Le Traon (University of Luxembourg, Kirchberg Campus, Luxembourg)
## Abstract
Nowadays, an increasing number of applications uses deserializatio