CPR-Zero: CVE-2017-8316

Information

IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.
As part of the development of Android application, it is necessary to configure a properly Androidmanifest.xml file.
The structure of the file is standard XML and contains several nodes which describe the general properties of the application such as permissions, logo, name and more.
In order to support the manifest structure, the IDEs contains XML parser which is vulnerable to Xml External Entity (XXE) attack.

Crash Dump

None

PoC

Attached

Attachments:
CVE-2017-8315-8316.xml

References:
https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/

Share this: