[Japanese]
|
JVNDB-2012-000077
|
Multiple GREE Android applications vulnerable in the WebView class
|
Multiple Android applications provided by GREE contain a vulnerability in the WebView class.
Multiple Android applications that use the SDK for HTML-based applications provided by GREE contain a vulnerability in the WebView class.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc., Katsuhiko Sato of Japan Smartphone Security Association(JSSEC) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 2.6 (Low) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
|
|
KDDI and GREE
- GREE Market versions prior to 2.1.2
GREE, Inc.
- GREE versions prior to 1.4.0
- haconiwa versions prior to 1.1.0
- Monpura versions prior to 1.1.1
- Kaizokuoukoku Columbus versions prior to 1.3.5
- Seisen Cerberus versions prior to 1.1.0
- Tanken Dorirando versions prior to 1.0.7
- Tsurisuta versions prior to 1.5.0
|
Note that these applications are available only in Japanese.
|
If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed.
|
[Update the software]
Update to the latest version according to the information provided by the developer.
|
KDDI and GREE
GREE, Inc.
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
- CVE-2012-4006
|
- JVN : JVN#99192898
- National Vulnerability Database (NVD) : CVE-2012-4006
|
- [2012/08/17]
Web page was published
|