Executive Summary

Informations
NameCVE-2011-3975First vendor Publication2011-10-03
VendorCveLast vendor Modification2011-10-20

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Cvss Base Score2.6Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3975

CWE : Common Weakness Enumeration

idName
CWE-200Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware1
Hardware1
Hardware1
Os1

Open Source Vulnerability Database (OSVDB)

idDescription
76804Android Multiple HTC Devices Sense Interface HtcLoggers.apk Application andro...

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/49916
MISChttp://news.cnet.com/8301-1035_3-20114556-94/
http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc...
http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnera...
XFhttp://xforce.iss.net/xforce/xfdb/70270

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-10 23:09:41
  • Multiple Updates