Vulnerability Details CVE-2019-10251
The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.9%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- https://news.drweb.com/show/?i=13176&c=38
- https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/
- https://news.drweb.com/show/?i=13176&c=38
- https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/
Products affected by CVE-2019-10251
-
cpe:2.3:a:ucweb:uc_browser:-
-
cpe:2.3:a:ucweb:uc_browser:11.2.5.932
-
cpe:2.3:a:ucweb:uc_browser:13.0.8
-
cpe:2.3:a:ucweb:uc_browser:2019-03-26