CVE-2017-17551
Last modified
CVE-2017-17551 is a vulnerability of currently unknown severity. The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a specific executable in the Dolphin Browser's data directory with a crafted malicious executable. EPSS estimates a 0.96% chance of exploitation in the next 30 days.
Description
The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a specific executable in the Dolphin Browser's data directory with a crafted malicious executable. Every time the Dolphin Browser is launched, it will attempt to run the malicious executable from disk, thus executing the attacker's code.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Changyou | Dolphin | 12.0.2 |
References
- https://github.com/VerSprite/research/blob/master/advisories/VS-2017-001.mdIssue Tracking, Third Party Advisory
- https://github.com/VerSprite/research/blob/master/advisories/VS-2017-001.mdIssue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-17551?
How severe is CVE-2017-17551?
How do I fix CVE-2017-17551?
Are you affected by CVE-2017-17551?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST