HTC Touch SMS Preview Popup Script Injection Vulnerability
BID:39640
Info
HTC Touch SMS Preview Popup Script Injection Vulnerability
| Bugtraq ID: | 39640 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 22 2010 12:00AM |
| Updated: | Apr 26 2010 05:32PM |
| Credit: | Michael Mueller from Integralis |
| Vulnerable: |
Microsoft Windows Mobile 6.5 HTC TOUCH PRO 2 |
| Not Vulnerable: | |
Discussion
HTC Touch SMS Preview Popup Script Injection Vulnerability
HTC Touch Windows Mobile is prone to a script-injection vulnerability.
An attacker may leverage this issue to execute arbitrary script code through an SMS message to carry out an attack, such as directing a user to a malicious site. This may allow attackers to carry out other attacks as well.
HTC Touch Windows Mobile is prone to a script-injection vulnerability.
An attacker may leverage this issue to execute arbitrary script code through an SMS message to carry out an attack, such as directing a user to a malicious site. This may allow attackers to carry out other attacks as well.
Exploit / POC
HTC Touch SMS Preview Popup Script Injection Vulnerability
An attacker can use a text messaging application to exploit this issue.
An attacker can use a text messaging application to exploit this issue.
Solution / Fix
HTC Touch SMS Preview Popup Script Injection Vulnerability
Solution:
Reports indicate that this issue has been fixed. Please see the references for more information.
Solution:
Reports indicate that this issue has been fixed. Please see the references for more information.
References
HTC Touch SMS Preview Popup Script Injection Vulnerability
References:
References: