search menu icon-carat-right cmu-wordmark

CERT Coordination Center

TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability

Vulnerability Note VU#709806

Original Release Date: 2013-07-26 | Last Revised: 2013-07-29


TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service (CWE-20) vulnerability.


CWE-20: Improper Input Validation - CVE-2013-3580

TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to with no arguments.


A malicious application installed on the phone may be able to disable the TrustGo Antivirus & Mobile Security software.


Apply an Update

TrustGo Antivirus & Mobile Security version 1.3.6 has been released to address this vulnerability.

Vendor Information


TrustGo Affected

Notified:  June 28, 2013 Updated: July 26, 2013



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CVSS Metrics

Group Score Vector
Base 3.8 AV:L/AC:H/Au:S/C:N/I:N/A:C
Temporal 3 E:POC/RL:OF/RC:ND
Environmental 2.3 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND



Thanks to china.x.orion for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

CVE IDs: CVE-2013-3580
Date Public: 2013-07-26
Date First Published: 2013-07-26
Date Last Updated: 2013-07-29 13:15 UTC
Document Revision: 26

Sponsored by CISA.