Vulnerability Description
The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drinkedin | Drinkedin Barfinder | - |
| Adobe | Phonegap | 2.0.0 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2014/02/07/9
- http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdfExploit
- http://www.internetsociety.org/ndss2014/programme#session3
- http://openwall.com/lists/oss-security/2014/02/07/9
- http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdfExploit
- http://www.internetsociety.org/ndss2014/programme#session3
FAQ
What is CVE-2014-1887?
CVE-2014-1887 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geol...
How severe is CVE-2014-1887?
CVE-2014-1887 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1887?
Check the references section above for vendor advisories and patch information. Affected products include: Drinkedin Drinkedin Barfinder, Adobe Phonegap.