CVE-2017-17551

{"id": "CVE-2017-17551", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-12-11T18:29:00.187", "references": [{"url": "https://github.com/VerSprite/research/blob/master/advisories/VS-2017-001.md", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a specific executable in the Dolphin Browser's data directory with a crafted malicious executable. Every time the Dolphin Browser is launched, it will attempt to run the malicious executable from disk, thus executing the attacker's code."}, {"lang": "es", "value": "La caracter\u00edstica Backup and Restore en Mobotap Dolphin Browser 12.0.2 para Android tiene una vulnerabilidad de escritura de archivos arbitrarios cuando intenta restaurar la configuraci\u00f3n del navegador de un archivo de copia de seguridad de Dolphin Browser malicioso. Esta vulnerabilidad de escritura de archivos arbitrarios permite que un atacante sobrescriba un ejecutable espec\u00edfico en el directorio de datos de Dolphin Browser con un ejecutable manipulado malicioso. Cada vez que se inicia Dolphin Browser, intentar\u00e1 abrir el ejecutable desde el disco. Por lo tanto, se ejecutar\u00e1 el c\u00f3digo del atacante."}], "lastModified": "2018-01-04T18:45:54.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:changyou:dolphin:12.0.2:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "24474279-C36C-41C9-BFAE-2CB095DBC35F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}