Vulnerability CVE-2011-3975


Published: 2011-10-03   Modified: 2012-02-13

Description:
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.

Type: CWE-200 (Information Exposure)

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
HTC -> Evo 3d 
HTC -> Evo 4g 
HTC -> Thunderbolt 
Google -> Android 

References:
http://xforce.iss.net/xforce/xfdb/70270
http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports
http://www.securityfocus.com/bid/49916
http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/
http://news.cnet.com/8301-1035_3-20114556-94/

Copyright 2024, cxsecurity.com