# N/A
## 漏洞概述
在PackageInstallerService.java的createSessionInternal方法中,由于输入验证不当,可能存在以任何应用的身份运行的风险。这可能导致不需要额外执行权限的本地权限提升。利用此漏洞不需要任何用户交互。
## 细节
在`PackageInstallerService.java`文件的`createSessionInternal`方法中,输入验证不足导致攻击者可以以任何应用的身份运行,从而造成本地权限升级。攻击者不需要任何额外的执行权限,也不需要用户交互即可利用此漏洞。
## 影响
此漏洞可能导致本地权限提升,攻击者可以利用此漏洞提升其在系统中的权限,执行未授权的操作。
是否为 Web 类漏洞: 未知
判断理由:
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability remotely | https://github.com/scs-labrat/android_autorooter | POC详情 |
| 2 | CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 | https://github.com/pl4int3xt/cve_2024_0044 | POC详情 |
| 3 | 利用 CVE-2024-0044 Android 权限提升下载任意目标App沙箱文件。 | https://github.com/Re13orn/CVE-2024-0044-EXP | POC详情 |
| 4 | CVE-2024-0044: uma vulnerabilidade de alta gravidade do tipo "executar como qualquer aplicativo" que afeta as versões 12 e 13 do Android | https://github.com/007CRIPTOGRAFIA/c-CVE-2024-0044 | POC详情 |
| 5 | 利用CVE-2024-0044 在Android12、13 下提权 | https://github.com/Kai2er/CVE-2024-0044-EXP | POC详情 |
| 6 | CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 | https://github.com/hunter24x24/cve_2024_0044 | POC详情 |
| 7 | EvilDroid automates the exploitation of CVE-2024-0044, installing malicious payloads on a target device and extracting sensitive data. It features automated ADB connection checks, APK pushing, UID extraction, payload generation, and real-time progress updates, providing a seamless and professional user experience. | https://github.com/nexussecelite/EvilDroid | POC详情 |
| 8 | a vulnerability affecting Android version 12 & 13 | https://github.com/nahid0x1/CVE-2024-0044 | POC详情 |
| 9 | CVE-2024-0044 | https://github.com/MrW0l05zyn/cve-2024-0044 | POC详情 |
| 10 | PoC and writeup for bypassing the initial patch of CVE-2024-0044, Android run-as any app vulnerability allowing privilege escalation from adb to installed app | https://github.com/canyie/CVE-2024-0044 | POC详情 |
| 11 | CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 | https://github.com/pl4int3xt/CVE-2024-0044 | POC详情 |
| 12 | CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 | https://github.com/0xbinder/CVE-2024-0044 | POC详情 |
| 13 | CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 | https://github.com/Dit-Developers/CVE-2024-0044- | POC详情 |
| 14 | EvilDroid automates the exploitation of CVE-2024-0044, installing malicious payloads on a target device and extracting sensitive data. It features automated ADB connection checks, APK pushing, UID extraction, payload generation, and real-time progress updates, providing a seamless and professional user experience. | https://github.com/sridhar-sec/EvilDroid | POC详情 |
| 15 | a vulnerability affecting Android version 12 & 13 | https://github.com/nishan0x1/CVE-2024-0044 | POC详情 |
| 16 | a vulnerability affecting Android version 12 & 13 | https://github.com/l1ackernishan/CVE-2024-0044 | POC详情 |
| 17 | a vulnerability affecting Android version 12 & 13 | https://github.com/l1ackerronin/CVE-2024-0044 | POC详情 |
| 18 | Automated Exploit for CVE-2024-0044 . | https://github.com/Athexhacker/EXPLOITER | POC详情 |
| 19 | CVE-2024-0044_PoC | https://github.com/HoyoenKim/CVE-2024-0044_PoC | POC详情 |
| 20 | a vulnerability affecting Android version 12 & 13 | https://github.com/ronin0x1/CVE-2024-0044 | POC详情 |
| 21 | CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13. This repo demonstrates how to exploit CVE-2024-0044. For educational and testing purposes only. | https://github.com/Dit-Developers/CVE-2024-0044 | POC详情 |
| 22 | A robust digital forensics tool for extracting and analyzing Google Chrome artifacts from Android devices | https://github.com/JackTekno/Chrome-Forensic_CVE-2024-0044 | POC详情 |
暂无评论