[Japanese]

JVNDB-2012-000020

ES File Explorer fails to restrict access permissions

Overview

ES File Explorer provided by EStrongs, Inc. contains an issue where access permissions are not restricted.

ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted.

Shiongu of satoweb and Masafumi Horimoto of HOLLY & Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products


ES APP Group
  • ES File Explorer versions 1.6.0.2 through 1.6.1.1

Impact

When using a specific function, a remote attacker may obtain local files that the application has permissions to view.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.
Vendor Information

ES APP Group
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-0322
References

  1. JVN : JVN#08871006
  2. National Vulnerability Database (NVD) : CVE-2012-0322
Revision History

[2012/03/05]
  Web page was published