CVE-2015-7889
Samsung - SecEmailComposer QUICK_REPLY_BACKGROUND Permissions
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
La aplicación SecEmailComposer/EmailComposer en Samsung S6 Edge, en versiones anteriores a la October 2015 MR, utiliza permisos débiles para la acción de servicio com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND. Esto puede permitir que atacantes remotos que conozcan la dirección de email local obtengan información sensible mediante una aplicación manipulada que envíe un intent manipulado.
The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. It was found that this action required no permissions to call, and could lead to an unprivileged application gaining access to email content.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-10-22 CVE Reserved
- 2015-10-28 CVE Published
- 2024-05-13 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-275: Permission Issues
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html | Third Party Advisory | |
http://www.securityfocus.com/bid/77339 | Third Party Advisory | |
https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1 | Issue Tracking |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/38558 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | <= 5.1.1 Search vendor "Google" for product "Android" and version " <= 5.1.1" | - |
Affected
| in | Samsung Search vendor "Samsung" | Galaxy S6 Edge Search vendor "Samsung" for product "Galaxy S6 Edge" | - | - |
Safe
|