CVE-2015-4641

Name of the Vulnerable Software and Affected Versions Samsung Galaxy S series (affected versions not specified)

Description The issue allows remote web servers to write to arbitrary files and execute arbitrary code in a privileged context by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive. This can be demonstrated by a traversal to the /data/dalvik-cache directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.