QwikSec

Security Database

CVE

CWE

Training

CVE-2011-3975

Published: Oct 3, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

htc-htcloggers-info-disclosure(70270)

vdb-entry

x_refsource_XF

http://news.cnet.com/8301-1035_3-20114556-94/

x_refsource_MISC

http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports

x_refsource_MISC

http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.