Vulnerability Note VU#709806
TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability
Overview
TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service (CWE-20) vulnerability.
Description
CWE-20: Improper Input Validation - CVE-2013-3580 TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to com.trustgo.mobile.security.USSDScannerActivity with no arguments. |
Impact
A malicious application installed on the phone may be able to disable the TrustGo Antivirus & Mobile Security software. |
Solution
Apply an Update |
Vendor Information (Learn More)
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
TrustGo | Affected | 28 Jun 2013 | 26 Jul 2013 |
CVSS Metrics (Learn More)
Group | Score | Vector |
---|---|---|
Base | 3.8 | AV:L/AC:H/Au:S/C:N/I:N/A:C |
Temporal | 3.0 | E:POC/RL:OF/RC:ND |
Environmental | 2.3 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- https://play.google.com/store/apps/details?id=com.trustgo.mobile.security
- http://cwe.mitre.org/data/definitions/20.html
Credit
Thanks to china.x.orion for reporting this vulnerability.
This document was written by Adam Rauf.
Other Information
- CVE IDs: CVE-2013-3580
- Date Public: 26 Jul 2013
- Date First Published: 26 Jul 2013
- Date Last Updated: 29 Jul 2013
- Document Revision: 24
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.