CVE-2019-6742

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.

Esta vulnerabilidad permite a los atacantes remotos ejecutar código arbitrario en instalaciones vulnerables de Samsung Galaxy S9 anterior de la verón 1.4.20.2. No se requiere identificación para aprovechar esta vulnerabilidad. El error específico existe en el manejo del mecanismo de actualización de GameServiceReceiver. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto del proceso actual. Fue ZDI-CAN-7477.