The com.cutestudio.colordialer application through 2.1.8...
Moderate severity
Unreviewed
Published
Sep 13, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Sep 13, 2023
Published to the GitHub Advisory Database
Sep 13, 2023
Last updated
Apr 4, 2024
The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call.
References