[Japanese]

JVNDB-2013-000029

Simeji vulnerable to information disclosure

Overview

Simeji contains an issue in the access permissions for the certain files.

Simeji is a Japanese Input Method Editor (IME) for Android devices. Simeji contains an issue in the access permissions for the certain files.

Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Baidu
  • Simeji 4.8.1 and earlier

Impact

If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.
Vendor Information

Baidu
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2013-0718
References

  1. JVN : JVN#77360971
  2. National Vulnerability Database (NVD) : CVE-2013-0718
Revision History

  • [2013/03/26]
      Web page was published