Vulnerability Note VU#709806

TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability

Original Release date: 26 Jul 2013 | Last revised: 29 Jul 2013

Overview

TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service (CWE-20) vulnerability.

Description

CWE-20: Improper Input Validation - CVE-2013-3580

TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to com.trustgo.mobile.security.USSDScannerActivity with no arguments.

Impact

A malicious application installed on the phone may be able to disable the TrustGo Antivirus & Mobile Security software.

Solution

Apply an Update

TrustGo Antivirus & Mobile Security version 1.3.6 has been released to address this vulnerability.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
TrustGoAffected28 Jun 201326 Jul 2013
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 3.8 AV:L/AC:H/Au:S/C:N/I:N/A:C
Temporal 3.0 E:POC/RL:OF/RC:ND
Environmental 2.3 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to china.x.orion for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

  • CVE IDs: CVE-2013-3580
  • Date Public: 26 Jul 2013
  • Date First Published: 26 Jul 2013
  • Date Last Updated: 29 Jul 2013
  • Document Revision: 24

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.