Required CVE Record Information
Description
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- securityfocus.com: 77339 vdb-entryx_transferred
- http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html x_transferred
- exploit-db.com: 38558 exploitx_transferred
- https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1 x_transferred