Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3975

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2011-3975
Last Modified 20 Oct 2011 10:56:24
Published 03 Oct 2011 11:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-3975

Summary

A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.

Vulnerable Systems

Operating System

  • Google Android 2.3.4


References

XF - htc-htcloggers-info-disclosure(70270)

MISC - http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports

BID - 49916

MISC - http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/

MISC - http://news.cnet.com/8301-1035_3-20114556-94/


Last Updated: 27 May 2016 10:57:47