RCE in Microsoft Bing

CVE-2014-1670

The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.292 (96.7th percentile) — read the EPSS interpretation.

Affected products

Microsoft Bing
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
102575 (x_refsource_OSVDB, vdb-entry)
ms-bing-cve20141670-code-exec(90977) (vdb-entry, x_refsource_XF)
65128 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)