CVE-2011-3975

Summary

CVE	CVE-2011-3975
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2011-10-03 15:55:00 UTC
Updated	2017-08-29 01:30:00 UTC
Description	A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Google	Android	2.3.4	All	All	All
Operating System	Google	Android	2.3.4	All	All	All
Hardware	Htc	Evo 3d	All	All	All	All
Hardware	Htc	Evo 3d	All	All	All	All
Hardware	Htc	Evo 4g	All	All	All	All
Hardware	Htc	Evo 4g	All	All	All	All
Hardware	Htc	Thunderbolt	All	All	All	All
Hardware	Htc	Thunderbolt	All	All	All	All

References

Reference	Source	Link	Tags
Thunderbolt, other HTC phones have big security hole, report claims - CNET	MISC	news.cnet.com
www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports	MISC	www.thetechherald.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Multiple HTC devices 'HtcLoggers.apk' Application Information Disclosure Vulnerability	BID	www.securityfocus.com
Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More	MISC	www.androidpolice.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.