CVE-2014-1979

The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://jvn.jp/en/jp/JVN89260331/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nttdocomo:spmode_mail_android:6620:::::android::
	cpe:2.3:a:nttdocomo:spmode_mail_android:6000:::::android::
	cpe:2.3:a:nttdocomo:spmode_mail_android:6200:::::android::

OR	cpe:2.3:o:google:android:4.3:::::::*
	cpe:2.3:o:google:android:4.2:::::::*
	cpe:2.3:o:google:android:4.2.1:::::::*
	cpe:2.3:o:google:android:4.2.2:::::::*
	cpe:2.3:o:google:android:4.1:::::::*
	cpe:2.3:o:google:android:4.4:::::::*
	cpe:2.3:o:google:android:4.3.1:::::::*
	cpe:2.3:o:google:android:4.1.2:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:nttdocomo:spmode_mail_android:5900:::::android::
	cpe:2.3:a:nttdocomo:spmode_mail_android:6300:::::android::
	cpe:2.3:a:nttdocomo:spmode_mail_android:6200:::::android::
	cpe:2.3:a:nttdocomo:spmode_mail_android:6000:::::android::

OR	cpe:2.3:o:google:android:4.0:::::::*
	cpe:2.3:o:google:android:4.0.2:::::::*
	cpe:2.3:o:google:android:4.0.4:::::::*
	cpe:2.3:o:google:android:4.0.1:::::::*
	cpe:2.3:o:google:android:4.0.3:::::::*

Information

Published : 2014-03-19 07:17

Updated : 2014-03-20 09:36

NVD link : CVE-2014-1979

Mitre link : CVE-2014-1979

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

Products Affected

google

android

nttdocomo

spmode_mail_android

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://jvn.jp/en/jp/JVN89260331/index.html", "name": "JVN#89260331", "tags": [], "refsource": "JVN"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029", "name": "JVNDB-2014-000029", "tags": [], "refsource": "JVNDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-1979", "ASSIGNER": "vultures@jpcert.or.jp"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2014-03-19T14:17Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nttdocomo:spmode_mail_android:6620:*:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nttdocomo:spmode_mail_android:6000:*:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nttdocomo:spmode_mail_android:6200:*:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nttdocomo:spmode_mail_android:5900:*:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nttdocomo:spmode_mail_android:6300:*:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nttdocomo:spmode_mail_android:6200:*:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nttdocomo:spmode_mail_android:6000:*:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-03-20T16:36Z"}