Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-6612 PoC — Android libmedia 权限许可和访问控制漏洞

Source
https://github.com/secmob/CVE-2015-6612
Associated Vulnerability
Title:Android libmedia 权限许可和访问控制漏洞 (CVE-2015-6612)
Description:libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.
Readme
# CVE-2015-6612
The detail of the vulnerability please refer to description.pdf 
My sad story about this bug:
I repoted this issue to ZDI last March, at the beginning, they said they couldn't reproduce it in the latest Android, after half a month comunication, they decided not to pursue acquisition of the bug.
Holded this bug for a long time, and I reported it to Google at Aug 21, 2015, but it become a duplicated issue. 
https://code.google.com/p/android/issues/detail?id=183414
the funny thing is it's duplicated with the issue reported at Aug 23, 2015, which is ANDROID-23540426 
https://groups.google.com/forum/#!topic/android-security-updates/GwZn7sixask
I don't know how the hell Google calculated the data, just release the PoC for fun.
File Snapshot

 [4.0K]  /data/pocs/966095d020248319d82907d5fe697f346f38886f
├── [250K]  description.pdf
├── [4.0K]  poc
│   ├── [ 740]  Android.mk
│   ├── [3.9K]  service.cpp
│   └── [ 409]  test.sh
└── [ 748]  README.md

1 directory, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →