[Japanese]

JVNDB-2013-000026

ArtIME Japanese Input vulnerable to information disclosure

Overview

ArtIME Japanese Input contains an issue in the access permissions for the certain files.

ArtIME Japanese Input is a Japanese Input Method Editor (IME) for Android devices. ArtIME Japanese Input contains an issue in the access permissions for the certain files.

Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


codedesign
  • ArtIME Japanese Input 1.1.2 and earlier

Impact

If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.
Vendor Information

codedesign
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2013-0719
References

  1. JVN : JVN#80922020
  2. National Vulnerability Database (NVD) : CVE-2013-0719
Revision History

  • [2013/03/26]
      Web page was published