Nick Kralevich

**Name of the Vulnerable Software and Affected Versions** Android versions 2.2.x through 2.2.2 Android versions 2.3.x through 2.3.6 **Description** The issue is a stack-based buffer overflow in libsysutils. It allows remote attackers to execute arbitrary code via an application that calls the `FrameworkListener::dispatchCommand` method with the wrong number of arguments. This can trigger a use-after-free error, as demonstrated by the zergRush exploit. **Recommendations** For Android versions 2.2.x through 2.2.2, update to a version outside of this range to resolve the issue. For Android versions 2.3.x through 2.3.6, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the use of the `FrameworkListener::dispatchCommand` method until a patch is available.