Advisory Details

April 29th, 2015

(Mobile Pwn2Own) Amazon App Store Search String Cross-Site Scripting Vulnerability

ZDI-15-158
ZDI-CAN-2617

CVE ID
CVSS SCORE 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
AFFECTED VENDORS Amazon
AFFECTED PRODUCTS App Store
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 17033. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS


This vulnerability allows remote attackers to inject scripts on Amazon Fire Phone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the search string variable. Starting the string with a closing script tag allows the attacker to insert HTML code. An attacker can chain this vulnerability with other vulnerabilities to install malicious applications.
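
The advisory does not show the affected page, so the following is an added example (not Amazon's or ZDI's code) that assumes the search string was echoed into an inline `<script>` block as a JavaScript string literal; `renderVulnerable`, `renderHardened`, `splitAtScriptEnd` and the sample query are hypothetical. It shows why JavaScript-only escaping fails against a leading closing script tag, and the output encoding that keeps the value inside the script data.

```javascript
// Added example. Template, function names and sample input are assumptions.

// Weak: escapes only for the JavaScript string context.
function renderVulnerable(query) {
  const jsEscaped = query.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
  return `<script>var searchTerm = "${jsEscaped}";</script>`;
}

// Hardened: JSON-encode, then turn characters the HTML parser acts on into
// \uXXXX escapes so "</script" can never appear inside the script data.
function renderHardened(query) {
  const json = JSON.stringify(query).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
  return `<script>var searchTerm = ${json};</script>`;
}

// Simplified model of the HTML tokenizer: the script element ends at the first
// "</script" followed by whitespace, "/" or ">", regardless of JS quoting.
function splitAtScriptEnd(html) {
  const open = "<script>";
  const rest = html.slice(html.indexOf(open) + open.length);
  const m = /<\/script[\s\/>]/i.exec(rest);
  if (!m) return { scriptText: rest, trailingMarkup: "" };
  const gt = rest.indexOf(">", m.index);
  return {
    scriptText: rest.slice(0, m.index),
    trailingMarkup: gt === -1 ? "" : rest.slice(gt + 1),
  };
}

// Constructed, inert sample: a closing script tag followed by bold text.
const sampleQuery = '</script><b id="constructed-marker">x</b>';

for (const render of [renderVulnerable, renderHardened]) {
  const { scriptText, trailingMarkup } = splitAtScriptEnd(render(sampleQuery));
  console.log(render.name, { scriptText, trailingMarkup });
}
```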

ADDITIONAL DETAILS


No advisory was posted and no patch was required; the issue was fixed server side.


DISCLOSURE TIMELINE
  • 2014-11-13 - Vulnerability reported to vendor
  • 2015-04-29 - Coordinated public release of advisory
CREDIT MWR Labs