CVE-2014-1885

high

Description

The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain.

References

http://www.internetsociety.org/ndss2014/programme#session3

http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf

http://openwall.com/lists/oss-security/2014/02/07/9

Details

Source: Mitre, NVD

Published: 2014-03-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00519