Vulnerability Description
The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hsgroup | Forzearmate | - |
| Adobe | Phonegap | 2.0.0 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2014/02/07/9
- http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf
- http://www.internetsociety.org/ndss2014/programme#session3
- http://openwall.com/lists/oss-security/2014/02/07/9
- http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf
- http://www.internetsociety.org/ndss2014/programme#session3
FAQ
What is CVE-2014-1885?
CVE-2014-1885 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-st...
How severe is CVE-2014-1885?
CVE-2014-1885 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1885?
Check the references section above for vendor advisories and patch information. Affected products include: Hsgroup Forzearmate, Adobe Phonegap.