[Japanese]

JVNDB-2013-000025

OpenWnn for Android vulnerable to information disclosure

Overview

OpenWnn for Android contains an issue in the access permissions for certain files.

OpenWnn provided by OMRON SOFTWARE Co., Ltd. is a Japanese Input Method Editor (IME). OpenWnn for Android contains an issue in the access permissions for certain files.

Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


OMRON Corporation
  • OpenWnn for Android 1.3.5 and earlier

Impact

If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.

[Apply a workaround]
The following workaround may mitigate the affects of this vulnerability until an update can be applied.

Stop using OpenWnn for Android and use another IME software.
Vendor Information

OMRON Corporation
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2013-2301
References

  1. JVN : JVN#01167429
  2. National Vulnerability Database (NVD) : CVE-2013-2301
Revision History

  • [2013/03/29]
      Web page was published