Original release date: 07/25/2012
Last revised: 07/25/2012
Source: US-CERT/NIST
Overview
The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
In the Sleipnir Mobile application before version 2.1.0 and the Sleipnir Mobile Black Edition application before version 2.1.0, the WebView class is not properly implemented. Because of the improperly implemented WebView class, a remote attacker can obtain sensitive (important) information through a crafted application.
Impact
CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information
References to Advisories, Solutions, and Tools
External Source: CONFIRM
Name: https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir_black
Hyperlink: https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir_black
External Source: CONFIRM
Name: https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir
Hyperlink: https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir
External Source: JVNDB
Name: JVNDB-2012-000071
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000071
External Source: JVN
Name: JVN#88643450
Hyperlink: http://jvn.jp/en/jp/JVN88643450/index.html
Vulnerable software and versions
Configuration 1
OR
* cpe:/a:fenrir-inc:sleipnir_mobile:2.0.4 and previous versions
* cpe:/a:fenrir-inc:sleipnir_mobile:2.0.4::black and previous versions
* Denotes Vulnerable Software
Technical Details
Vulnerability Type
Information Leak / Disclosure (CWE-200)
CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2646