CVE-2014-1979

The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://jvn.jp/en/jp/JVN89260331/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nttdocomo:spmode_mail_android:6000:::::android::
	cpe:2.3:a:nttdocomo:spmode_mail_android:6200:::::android::
	cpe:2.3:a:nttdocomo:spmode_mail_android:6620:::::android::

OR	cpe:2.3:o:google:android:4.1:::::::*
	cpe:2.3:o:google:android:4.1.2:::::::*
	cpe:2.3:o:google:android:4.2:::::::*
	cpe:2.3:o:google:android:4.2.1:::::::*
	cpe:2.3:o:google:android:4.2.2:::::::*
	cpe:2.3:o:google:android:4.3:::::::*
	cpe:2.3:o:google:android:4.3.1:::::::*
	cpe:2.3:o:google:android:4.4:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:nttdocomo:spmode_mail_android:5900:::::android::
	cpe:2.3:a:nttdocomo:spmode_mail_android:6000:::::android::
	cpe:2.3:a:nttdocomo:spmode_mail_android:6200:::::android::
	cpe:2.3:a:nttdocomo:spmode_mail_android:6300:::::android::

OR	cpe:2.3:o:google:android:4.0:::::::*
	cpe:2.3:o:google:android:4.0.1:::::::*
	cpe:2.3:o:google:android:4.0.2:::::::*
	cpe:2.3:o:google:android:4.0.3:::::::*
	cpe:2.3:o:google:android:4.0.4:::::::*

History

No history.

Information

Published : 2014-03-19 14:17

Updated : 2023-12-10 11:31

NVD link : CVE-2014-1979

Mitre link : CVE-2014-1979

CVE.ORG link : CVE-2014-1979

JSON object : View

Products Affected

google

android

nttdocomo

spmode_mail_android

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2014-1979", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-03-19T14:17:45.117", "references": [{"url": "http://jvn.jp/en/jp/JVN89260331/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message."}, {"lang": "es", "value": "La aplicaci\u00f3n de correo NTT DOCOMO sp mode 5900 hasta 6300 para Android 4.0.x y 6000 hasta 6620 para Android 4.1 hasta 4.4 permite a atacantes remotos ejecutar m\u00e9todos Java arbitrarios a trav\u00e9s de datos POP Deco-mail emoticon en un mensaje de email."}], "lastModified": "2014-03-20T16:36:50.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nttdocomo:spmode_mail_android:6000:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "B4D56149-DCF9-414E-A718-9DC5C2FB1106"}, {"criteria": "cpe:2.3:a:nttdocomo:spmode_mail_android:6200:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "7FF44DAF-E177-4910-85D1-5A9FEDF18318"}, {"criteria": "cpe:2.3:a:nttdocomo:spmode_mail_android:6620:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "42DCA324-A8D5-427E-A8AC-593AE8129FA7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825"}, {"criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B"}, {"criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1"}, {"criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80"}, {"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A"}, {"criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B"}, {"criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F"}, {"criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nttdocomo:spmode_mail_android:5900:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "A2C5ABA5-5F23-42C5-9B09-C8559DC417C8"}, {"criteria": "cpe:2.3:a:nttdocomo:spmode_mail_android:6000:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "B4D56149-DCF9-414E-A718-9DC5C2FB1106"}, {"criteria": "cpe:2.3:a:nttdocomo:spmode_mail_android:6200:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "7FF44DAF-E177-4910-85D1-5A9FEDF18318"}, {"criteria": "cpe:2.3:a:nttdocomo:spmode_mail_android:6300:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "D24242AD-2016-488F-9FC9-76210F05B861"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449"}, {"criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A"}, {"criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B"}, {"criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93"}, {"criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}