ES File Explorer fails to restrict access permissions


ES File Explorer provided by EStrongs, Inc. contains an issue where access permissions are not restricted.

ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted.

Shiongu of satoweb and Masafumi Horimoto of HOLLY & Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products

ES APP Group
  • ES File Explorer versions through


When using a specific function, a remote attacker may obtain local files that the application has permissions to view.

[Update the software]
Update to the latest version according to the information provided by the developer.
Vendor Information

ES APP Group
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-0322

  1. JVN : JVN#08871006
  2. National Vulnerability Database (NVD) : CVE-2012-0322
Revision History

  • [2012/03/05]
      Web page was published