what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Framer Preview 12 Content Injection

Framer Preview 12 Content Injection
Posted Sep 22, 2020
Authored by Julien Ahrens | Site rcesecurity.com

Framer Preview version 12 for Android exposes an activity to other apps called "com.framer.viewer.FramerViewActivity". The purpose of this activity is to show contents of a given URL via an fullscreen overlay to the app user. However, the app does neither enforce any authorization schema on the activity nor does it validate the given URL.

tags | advisory
advisories | CVE-2020-25203
SHA-256 | e54f0aa32e54c06b14955e19264b2f743bd0ebfed0a629f5cc6a8d1038c27426

Framer Preview 12 Content Injection

Change Mirror Download
RCE Security Advisory
https://www.rcesecurity.com


1. ADVISORY INFORMATION
=======================
Product: Framer Preview
Vendor URL: https://play.google.com/store/apps/details?id=com.framerjs.android
Type: Improper Export of Android Application Components [CWE-926]
Date found: 2020-09-06
Date published: 2020-09-22
CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2020-25203


2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE Security.


3. VERSIONS AFFECTED
====================
Framer Preview 12


4. INTRODUCTION
===============
Framer Preview is the best way to view and interact with your Framer X and Framer
Classic projects on Android phones and tablets.

(from the vendor's homepage)


5. VULNERABILITY DETAILS
========================
The "Framer Preview" app for Android exposes an activity to other apps called
"com.framer.viewer.FramerViewActivity". The purpose of this activity is to show
contents of a given URL via an fullscreen overlay to the app user.

However, the app does neither enforce any authorization schema on the activity
nor does it validate the given URL.

This can be abused by an attacker (malicious app) to load any website/web content
into the fullscreen overlay. An exemplary exploit could look like the following:

Intent i = new Intent();
i.setComponent(new ComponentName("com.framerjs.android", "com.framer.viewer.FramerViewActivity"));
i.setAction("android.intent.action.VIEW");
i.setData(Uri.parse("https://www.rcesecurity.com"));
startActivity(i);


6. RISK
=======
A malicious app on the same device is able to exploit this vulnerability to lead
the user to any webpage/content. The specific problem here is the assumed trust
boundary between the user having the Framer Preview app installed and what the app
is actually doing/displaying to the user. So if the user sees the app being
loaded and automatically loading another page, it can be assumed that the loaded
page is also trusted by the user.


7. SOLUTION
===========
-


8. REPORT TIMELINE
==================
2020-09-06: Discovery of the vulnerability
2020-09-06: CVE requested from MITRE
2020-09-07: Contacted vendor via their security@, no response
2020-09-08: MITRE assigns CVE-2020-25203
2020-09-09: Informed vendor about the CVE assignment, no response
2020-09-22: Public disclosure due to unresponsive vendor


9. REFERENCES
=============
-


Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close