BID:53187

Multiple HTC Devices CVE-2012-2217 Security Bypass Vulnerability

Info

Multiple HTC Devices CVE-2012-2217 Security Bypass Vulnerability

Bugtraq ID:	53187
Class:	Access Validation Error
CVE:	CVE-2012-2217
Remote:	Yes
Local:	No
Published:	Apr 20 2012 12:00AM
Updated:	Mar 19 2015 09:26AM
Credit:	Dan Rosenberg
Vulnerable:	HTC Vivid on AT&T 0 HTC Hero on Sprint 0 HTC EVO View 4G 0 HTC EVO Shift 4G 0 HTC EVO Design 4G 0 HTC EVO 4G 0 HTC EVO 3D 0

Not Vulnerable:	HTC Vivid 3.26.502.56 0 HTC EVO View 4G 2.23.651.1 0 HTC EVO Shift 4G 2.77.651.3 0 HTC EVO Design 4G 2.12.651.5 0 HTC EVO 4G 4.67.651.3 0 HTC EVO 3D 2.17.651.5 0

Discussion

Multiple HTC Devices CVE-2012-2217 Security Bypass Vulnerability

Multiple HTC devices are prone to a security-bypass vulnerability.

Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions.

Exploit / POC

Multiple HTC Devices CVE-2012-2217 Security Bypass Vulnerability

Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Multiple HTC Devices CVE-2012-2217 Security Bypass Vulnerability

Solution:
Vendor updates are available. Please see the references for more information.

References

Multiple HTC Devices CVE-2012-2217 Security Bypass Vulnerability

References:

Android Homepage (Android)
Carrier IQ Homepage (Carrier IQ)
HTC IQRD Android Permission Leakage (VSecurity)
Vendor Homepage (HTC)