Remote Code Execution Vulnerability in Cybozu Live Android Application
CVE-2012-4009

Currently unrated

Key Information:

Vendor: Cybozu
Status: Cybozu Live
Vendor: CVE Published:; 31 August 2012

What is CVE-2012-4009?

The Cybozu Live application for Android versions 1.0.4 and earlier contains a vulnerability in the WebView class that permits remote attackers to execute arbitrary JavaScript code. This is achieved through a malicious application that embeds this code into a local file associated with a file URL. Consequently, sensitive user information can be accessed by unauthorized individuals, highlighting the critical need for users and administrators to update to secure versions and implement robust security practices.

References

http://jvn.jp/en/jp/JVN77393797/index.html

third-party-advisoryx_refsource_JVN

http://magazine.cybozulive.com/2012/08/291200.html

x_refsource_CONFIRM

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000082

third-party-advisoryx_refsource_JVNDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 31, 2012

CVE-2012-4009 Data

JSON