iLunascape for Android 'WebView' Class Information Disclosure Vulnerability

Bugtraq ID:	53619
Class:	Design Error
CVE:	CVE-2012-1249
Remote:	Yes
Local:	No
Published:	May 21 2012 12:00AM
Updated:	May 21 2012 12:00AM
Credit:	Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.
Vulnerable:	Lunascape Corporation iLunascape 1.0.4.0
Not Vulnerable:	Lunascape Corporation iLunascape 1.0.5.0

iLunascape for Android 'WebView' Class Information Disclosure Vulnerability

iLunascape for Android is prone to an information-disclosure vulnerability.

Remote attackers can exploit this issue to gain access to sensitive information. This may aid in further attacks.

iLunascape 1.0.4.0 and prior versions are vulnerable.

iLunascape for Android 'WebView' Class Information Disclosure Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at:[email protected].

iLunascape for Android 'WebView' Class Information Disclosure Vulnerability

Solution:
Updates are available; please see the references for more information.

iLunascape for Android 'WebView' Class Information Disclosure Vulnerability

References:

• iLunascape Homepage (Lunascape Corporation)
  
• JVN#86044443 iLunascape for Android vulnerable in the WebView class (JPCERT)
  
• JVNDB-2012-000044 iLunascape for Android vulnerable in the WebView class (JPCERT)