CVE-2011-3975

A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*
OR cpe:2.3:h:htc:evo_3d:*:*:*:*:*:*:*:*
cpe:2.3:h:htc:evo_4g:*:*:*:*:*:*:*:*
cpe:2.3:h:htc:thunderbolt:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:31

Type Values Removed Values Added
References () http://news.cnet.com/8301-1035_3-20114556-94/ - () http://news.cnet.com/8301-1035_3-20114556-94/ -
References () http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/ - () http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/ -
References () http://www.securityfocus.com/bid/49916 - () http://www.securityfocus.com/bid/49916 -
References () http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports - () http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/70270 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/70270 -

Information

Published : 2011-10-03 15:55

Updated : 2024-11-21 01:31


NVD link : CVE-2011-3975

Mitre link : CVE-2011-3975

CVE.ORG link : CVE-2011-3975


JSON object : View

Products Affected

htc

  • evo_4g
  • thunderbolt
  • evo_3d

google

  • android
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor