BG.Studio Color Phone Call Screen App Intent-Based Call Placing Vulnerability
Vulnerability
A vulnerability in the Color Phone Call Screen App (com.asianmobile.callcolor) for Android, up to version 24, allows any application to place phone calls without user interaction. This is achieved by sending a crafted intent to the exported CallActivity component, bypassing normal permission requirements.
Impact
Exploitation of this vulnerability enables unauthorized phone calls to be placed from the affected device, without the user's consent.
Reproduction
The vulnerability can be reproduced by sending a crafted intent to the com.asianmobile.callcolor.ui.component.call.CallActivity component from any application installed on the device. The sending application needs no special permissions, so a malicious app can place phone calls on behalf of the user without their knowledge or consent.
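A defender can look for this class of exposure in a decoded AndroidManifest.xml. The sketch below is an added example, not code from the advisory or the vendor: it lists exported components that declare no android:permission guard in an app that holds CALL_PHONE. That the affected app holds that permission is an assumption, and the sample manifest and its com.example.dialer names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical package, not the affected app's manifest).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.dialer">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <activity android:name=".ui.CallActivity" android:exported="true"/>
    <activity android:name=".ui.GuardedCallActivity" android:exported="true"
              android:permission="android.permission.CALL_PHONE"/>
    <activity android:name=".ui.SettingsActivity" android:exported="false"/>
    <activity android:name=".ui.LegacyActivity">
      <intent-filter><action android:name="com.example.dialer.ACTION_CALL"/></intent-filter>
    </activity>
  </application>
</manifest>"""


def is_exported(component):
    """Explicit android:exported wins; if absent, an intent-filter implies exported
    (the default for apps targeting below Android 12)."""
    flag = component.get(ANDROID + "exported")
    if flag is not None:
        return flag.lower() == "true"
    return component.find("intent-filter") is not None


def audit_manifest(xml_text, sensitive="android.permission.CALL_PHONE"):
    """Names of exported components lacking an android:permission guard, in an app
    that itself holds `sensitive` (assumed precondition for the issue above)."""
    root = ET.fromstring(xml_text.strip())
    held = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    app = root.find("application")
    if sensitive not in held or app is None:
        return []
    app_guard = app.get(ANDROID + "permission")  # applies to every component
    findings = []
    for comp in app:
        if comp.tag not in ("activity", "activity-alias", "service", "receiver"):
            continue
        if is_exported(comp) and not (comp.get(ANDROID + "permission") or app_guard):
            findings.append(comp.get(ANDROID + "name"))
    return findings


if __name__ == "__main__":
    for name in audit_manifest(SAMPLE_MANIFEST):
        print("exported without permission guard:", name)
```

A hit is a lead for code review, not proof of a flaw: the component may still validate its caller or require user confirmation before acting on the intent.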
