CVE-2024-46960
📋 TL;DR
This vulnerability allows attackers to execute arbitrary JavaScript code in the HD Video Downloader All Format Android app through a vulnerable component. It affects users of the app version 7.0.129 and earlier on Android devices. Attackers can potentially steal data or perform unauthorized actions within the app context.
💻 Affected Systems
- HD Video Downloader All Format (com.rocks.video.downloader)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of user data within the app, including downloaded videos, browsing history, and potentially device access if combined with other vulnerabilities.
Likely Case
Data theft from the app, unauthorized downloads, or manipulation of app functionality.
If Mitigated
Limited impact if app has minimal permissions and user data is isolated.
🎯 Exploit Status
Exploitation requires user interaction to trigger the vulnerable component, but no authentication is needed once triggered.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Check Google Play Store for app updates.
2. If no update is available, uninstall the app.
3. Consider alternative video downloader apps from trusted developers.
🔧 Temporary Workarounds
Uninstall vulnerable app
Android: Remove the HD Video Downloader All Format app from Android devices
adb uninstall com.rocks.video.downloader
Disable app permissions
Android: Revoke all permissions from the app in Android settings
🧯 If You Can't Patch
- Isolate the app using Android work profile or containerization
- Monitor for suspicious network activity from the app
🔍 How to Verify
Check if Vulnerable:
Check app version in Android Settings > Apps > HD Video Downloader All Format. If version is 7.0.129 or earlier, it's vulnerable.
Check Version:
adb shell dumpsys package com.rocks.video.downloader | grep versionName
Verify Fix Applied:
Verify the app is either updated to a version later than 7.0.129 or completely uninstalled.
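The version check above as an added example (not from the vendor or from this page's source): a POSIX shell helper that applies the 7.0.129 threshold to `dumpsys package` output, comparing version fields numerically. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a build of com.rocks.video.downloader against
# the 7.0.129 threshold stated on this page. Helper names are illustrative.
# On a device: adb shell dumpsys package com.rocks.video.downloader | classify
LAST_AFFECTED="7.0.129"

# Print the first versionName= value found in dumpsys output on stdin.
extract_version() {
    sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*$/\1/p' | head -n 1
}

# Succeed if $1 <= $2, comparing dot-separated fields numerically
# (so 7.0.13 sorts below 7.0.129, unlike a plain string compare).
version_le() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Read dumpsys output on stdin; print VULNERABLE, NOT_AFFECTED or NOT_INSTALLED.
classify() {
    ver=$(extract_version)
    if [ -z "$ver" ]; then
        echo "NOT_INSTALLED"
    elif version_le "$ver" "$LAST_AFFECTED"; then
        echo "VULNERABLE $ver"
    else
        echo "NOT_AFFECTED $ver"
    fi
}

# Constructed sample of dumpsys output, not captured from a real device.
SAMPLE='Packages:
  Package [com.rocks.video.downloader] (0000000):
    versionCode=129 minSdk=21 targetSdk=33
    versionName=7.0.129'
printf '%s\n' "$SAMPLE" | classify
```

NOT_INSTALLED is reported whenever no versionName line is found, which covers both an uninstalled package and a device that returned no output.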
📡 Detection & Monitoring
Log Indicators:
- Unusual JavaScript execution in app logs
- Suspicious URL loading in MainBrowserActivity
Network Indicators:
- Unexpected outbound connections from the app
- Downloads from untrusted sources
SIEM Query:
app:"com.rocks.video.downloader" AND (event:"javascript_execution" OR url:*javascript*)