CVE-2017-8315
Information
Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.
As part of the development of Android application, it is necessary to configure a properly Androidmanifest.xml file.
The structure of the file is standard XML and contains several nodes which describe the general properties of the application such as permissions, logo, name and more.
In order to support the manifest structure, the IDEs contains XML parser which is vulnerable to Xml External Entity (XXE) attack.
Crash Dump
None
PoC
Attached
Attachments:
CVE-2017-8315-8316.xml
References:
https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/