Vulnerability Description
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google | Android | 2.3.4 |
| HTC | EVO 3D | All versions |
| HTC | EVO 4G | All versions |
| HTC | ThunderBolt | All versions |
Related Weaknesses (CWE)
References
- http://news.cnet.com/8301-1035_3-20114556-94/
- http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-an
- http://www.securityfocus.com/bid/49916
- http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerabil
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70270
FAQ
What is CVE-2011-3975?
CVE-2011-3975 is a vulnerability with a CVSS score of 2.6 (LOW). A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, whi...
How severe is CVE-2011-3975?
CVE-2011-3975 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-3975?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, HTC EVO 3D, HTC EVO 4G, HTC ThunderBolt.