OS-MOBILE -- Snort has detected traffic targeting vulnerabilities in a mobile-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself. (such as?)
OS-MOBILE Android Stagefright MP4 buffer overflow attempt
This event is generated when an attacker attempts to exploit a memory corruption vulnerability in Android Stagefright.
Attempted Administrator Privilege Gain
This rule checks for attempts to exploit a memory corruption vulnerability in Android Stagefright's handling of MP4 files.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2015-3829Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261.
||Ease of Access||