What is CVE-2012-6636?

CVE-2012-6636 is a vulnerability in Google Android_api, classified under CWE-264. Published 2014-03-03.

Is CVE-2012-6636 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Google Android_api

CVE-2012-6636

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that…

EPSS: 0.763 (99.0th percentile) — read the EPSS interpretation.

Affected products

Google Android_api — versions 1.0, 2.0, 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
JVN#62161191 (x_refsource_JVN, third-party-advisory)

Frequently asked questions

What is CVE-2012-6636?: CVE-2012-6636 is a vulnerability in Google Android_api, classified under CWE-264. Published 2014-03-03.
Is CVE-2012-6636 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.