CVE-2016-6754
Published 2016-11-25
CVE-2016-6754: A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to…
Priority P260 | high | 8.8 CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.59% (90.5th percentile)
A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| — | android | <= 6.0.1 | — |
| — | android | — | — |
| — | android | — | — |
| — | android | — | — |
| — | android | — | — |
| — | android | — | — |
| — | android | — | — |
| google_inc | android | — | — |
| google_inc | android | — | — |
| google_inc | android | — | — |
| google_inc | android | — | — |
Detection & IOCs (extracted from sources)
- Exploitation targets WebView in Android 5.0.x, 5.1.x, and 6.x; monitor for suspicious WebView-initiated remote code execution in unprivileged processes on unpatched Android devices.
- Exploit is delivered via a malicious web page; the attack vector is drive-by browsing, so network-level detection should focus on suspicious JavaScript leveraging DataView/ArrayBuffer manipulation patterns consistent with heap exploitation (e.g., use of DataView.setUint32 to overwrite controlled memory addresses).
- The exploit is publicly known as 'BadKernel' RCE; threat hunting should search for this exploit name in proxy/IDS logs and endpoint telemetry.
- Affected AOSP versions are 5.0.2, 5.1.1, 6.0, and 6.0.1; asset inventory checks should flag devices running these versions as vulnerable.
- The exploit targets an unprivileged process (WebView renderer); post-exploitation activity may be sandboxed and require a privilege escalation chain for full device compromise.
CVSS provenance
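| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |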
GHSA
GHSA-89vq-xp4x-vhgg: A remote code execution vulnerability in Webview in Android 5
ghsa_unreviewed · 2022-05-17
CVE-2016-6754 [HIGH] CWE-74 GHSA-89vq-xp4x-vhgg: A remote code execution vulnerability in Webview in Android 5
OSV
CVE-2016-6754: A remote code execution vulnerability in Webview in Android 5
osv · 2016-11-25 · CVSS 8.8
Android
CVE-2016-6754: Android Security Bulletin 2016-11-01
vendor_android · 2016-11-01 · CVSS 8.8
CVE: CVE-2016-6754
Severity: HIGH
Affected AOSP versions: 5.0.2, 5.1.1, 6.0, 6.0.1
References: A-31217937
Published: 2016-11-25