CVE-2018-10498
Description
A local attacker can read arbitrary files on Samsung Email prior to 5.0.02.16 via unvalidated file:/// URIs, leading to information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In Samsung Email versions prior to 5.0.02.16, the application fails to properly validate user-supplied data when handling file:/// URIs. A local attacker who already has the ability to execute low-privileged code on the target device can exploit this weakness to read arbitrary files [1].
Exploitation
An attacker must first obtain low-privileged code execution on the target system. Exploitation then relies on a crafted file:/// URI that references a sensitive file on the device. Because the supplied data is not validated, the email application serves the contents of that file to the attacker [1].
Impact
Successful exploitation results in disclosure of sensitive information, such as credentials, tokens, or private data stored in files accessible by the Email process. The attacker can leverage this information disclosure in conjunction with other vulnerabilities to escalate privileges on the system [1].
Mitigation
The vulnerability is fixed in Samsung Email version 5.0.02.16 [1]. Users should update to this version or later. No workarounds are provided in the available references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: Fixed in version 5.0.02.16
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE. The mechanics section is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- zerodayinitiative.com/advisories/ZDI-18-557 (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.