PT-2025-3001 · Unknown · Com.Windymob.Callscreen.Ringtone.Callcolor.Colorphone+1

Edward Warren

·

Publicado

2025-01-06

·

Atualizado

2025-01-08

·

CVE-2024-53934

CVSS v3.1

7.7

Alta

VetorAV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) versions 1.1.2 and earlier
Description The issue allows any application to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivity component. This enables unauthorized call placement.
Recommendations For versions 1.1.2 and earlier, as a temporary workaround, consider restricting access to the com.frovis.androidbase.call.DialerActivity component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Preservation of Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-281

Identificadores relacionados

CVE-2024-53934

Produtos afetados

Com.Frovis.Androidbase.Call.Dialeractivity
Com.Windymob.Callscreen.Ringtone.Callcolor.Colorphone