Executive Summary

Informations
Name CVE-2011-3975 First vendor Publication 2011-10-03
Vendor Cve Last vendor Modification 2011-10-20

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.6 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3975

CWE : Common Weakness Enumeration

idName
CWE-200Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware1
Hardware1
Hardware1
Os1

Open Source Vulnerability Database (OSVDB)

idDescription
76804Android Multiple HTC Devices Sense Interface HtcLoggers.apk Application andro...

Internal Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/49916
MISC http://news.cnet.com/8301-1035_3-20114556-94/
http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc...
http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnera...
XF http://xforce.iss.net/xforce/xfdb/70270

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-10 23:09:41
  • Multiple Updates