CVE-2020-5764

MX Player Android App versions prior to v1.24.5 are vulnerable to directory traversal when a user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). The file is then transferred to the victim's phone but saved outside of the intended "/sdcard/MXshare" directory. In some instances, an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application.
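The receiver-side check that blocks this class of bug, as an added example (not MX Player's code or the vendor's fix): the sender-supplied "name" is resolved against the receive directory and rejected if the canonical path falls outside it. The class name, the `resolveInside` helper, the demo directory and the sample names are all hypothetical and constructed for illustration.

```java
import java.io.File;
import java.io.IOException;

public class ReceivedNameCheck {

    // Hypothetical helper: maps an untrusted, sender-supplied "name" to a file
    // under baseDir, or throws if the resolved path would land outside it.
    static File resolveInside(File baseDir, String name) throws IOException {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IOException("invalid name");
        }
        // Canonicalizing collapses "../" segments and resolves symlinks, so the
        // comparison below is made on the path that would really be written.
        File base = baseDir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();

        // Compare against base + separator so a sibling directory such as
        // "MXshare-evil" does not pass a plain prefix test on "MXshare".
        String prefix = base.getPath() + File.separator;
        if (!target.getPath().startsWith(prefix)) {
            throw new IOException("name escapes receive directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the receive directory ("/sdcard/MXshare" on the page).
        File base = new File(System.getProperty("java.io.tmpdir"), "MXshare-demo");
        base.mkdirs();

        // Constructed sample "name" values: two benign, two containing traversal.
        String[] names = {
            "video.mp4",
            "album/clip.mkv",
            "../oat/base.odex",
            "album/../../base.vdex"
        };
        for (String n : names) {
            try {
                System.out.println("accept " + n + " -> " + resolveInside(base, n));
            } catch (IOException e) {
                System.out.println("reject " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check belongs at the point where the destination file is opened, on the same canonical path that is then used for the write, so a name that was validated cannot be re-resolved differently later.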