Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Samsung Galaxy设备目录遍历漏洞
Vulnerability Description
Samsung Galaxy S4等都是韩国三星(Samsung)公司发布的智能移动设备。 多款Samsung Galaxy设备的SwiftKey language-pack升级实现过程中存在目录遍历漏洞。远程攻击者可借助skslm.swiftkey.net域名的控制权限和ZIP归档的条目中的目录遍历字符‘..’利用该漏洞写入任意文件,并以提升的权限执行任意代码。以下产品受到影响:Samsung Galaxy S4,S4 Mini,S5,S6。
CVSS Information
N/A
Vulnerability Type
N/A