N/A

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361.

N/A

特权管理不恰当

Samsung Members 权限许可和访问控制漏洞

Samsung Members是韩国三星（Samsung）公司的一款针对Samsung手机的会员服务应用程序。 Samsung Members中Intents的处理存在提权漏洞。远程攻击者可通过获取低权限代码的执行权限利用该漏洞提升权限。

N/A

N/A