NVD

Id
40317  
Name
CVE-2013-4787  
Description
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-18  
Published
2013-07-09  
Modified Date
2013-10-11  
Seq
2013-4787  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
204879 40317 CVE-2013-4787 http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/  View
204880 40317 CVE-2013-4787 http://review.cyanogenmod.org/#/c/45251/  View
204881 40317 CVE-2013-4787 60952  View
204882 40317 CVE-2013-4787 http://www.zdnet.com/google-releases-fix-to-oems-for-blue-security-android-security-hole-7000017782/  View
204883 40317 CVE-2013-4787 https://jira.cyanogenmod.org/browse/CYAN-1602  View
204884 40317 CVE-2013-4787 https://plus.google.com/113331808607528811927/posts/GxDA6111vYy  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
21678 JVNDB-2013-003253 Android における任意のコードを実行される脆弱性 Android は、アプリケーションの暗号化署名を適切にチェックしないため、任意のコードを実行される脆弱性が存在します。 CVE-2013-4787 64729 CVE-2013-4787 40317 9.3 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-003253.html 2013-07-03 2013-07-11 View