CVE-2009-2348
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
17/07/2009
Last modified:
09/04/2025
Description
Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone.
Impact
Base Score 2.0
6.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba%3Dcommit%3Bh%3D4d8adefd35efdea849611b8b02d61f9517e47760
- http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba%3Dcommit%3Bh%3D7b7225c8fdbead25235c74811b30ff4ee690dc58
- http://android.git.kernel.org/?p=platform/packages/apps/Camera.git%3Ba%3Dcommit%3Bh%3De655d54160e5a56d4909f2459eeae9012e9f187f
- http://www.ocert.org/advisories/ocert-2009-011.html
- http://www.openwall.com/lists/oss-security/2009/07/16/4
- http://www.securityfocus.com/archive/1/505012/100/0/threaded
- http://www.securityfocus.com/bid/35717
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51798
- http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba%3Dcommit%3Bh%3D4d8adefd35efdea849611b8b02d61f9517e47760
- http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba%3Dcommit%3Bh%3D7b7225c8fdbead25235c74811b30ff4ee690dc58
- http://android.git.kernel.org/?p=platform/packages/apps/Camera.git%3Ba%3Dcommit%3Bh%3De655d54160e5a56d4909f2459eeae9012e9f187f
- http://www.ocert.org/advisories/ocert-2009-011.html
- http://www.openwall.com/lists/oss-security/2009/07/16/4
- http://www.securityfocus.com/archive/1/505012/100/0/threaded
- http://www.securityfocus.com/bid/35717
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51798