Vulnerability Details : CVE-2011-0680
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.
Products affected by CVE-2011-0680
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*
- cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0680
0.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0680
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2011-0680
-
http://code.google.com/p/android/issues/detail?id=9392#c1620
Inloggen - Google Accounts
-
http://code.google.com/p/android/issues/detail?id=9392#c1460
Inloggen - Google Accounts
-
http://www.htcphones.net/nexus-one-update-to-android-2-2-2/
-
http://www.engadget.com/2011/01/22/nexus-one-gets-tiny-update-to-android-2-2-2-probably-fixes-sms/
Nexus One gets tiny update to Android 2.2.2, fixes SMS routing issues
-
http://android.git.kernel.org/?p=platform/packages/apps/Mms.git;a=commit;h=18d6b7e9d2e538fb3c0264332b96c02abf367267
Patch
-
http://android.git.kernel.org/?p=platform/packages/apps/Mms.git;a=commit;h=4d26623ce82230e8e7009adb921c5edea370a9e0
Patch
-
http://www.samsunghub.com/2011/01/22/nexus-s-gets-android-2-3-2-fixes-sms-bug/
Nexus S gets Android 2.3.2, fixes SMS bug - Sammy Hub
-
http://www.theinquirer.net/inquirer/news/1939386/google-updates-nexus-android-222
Google updates Nexus One to Android 2.2.2 | TheINQUIRERPatch
-
http://twitter.com/GalaxySsupport/statuses/28078194607263744
Twitter / ?
-
http://phandroid.com/2011/01/21/android-2-3-2-update-pushing-to-nexus-s-phone-fixes-sms-bug/
Android 2.3.2 Update Pushing to Nexus S Phone, Fixes SMS Bug
-
http://www.securityfocus.com/bid/46105
Open Handset Alliance Android 'data/WorkingMessage.java' Information Disclosure Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65125
Open Handset Alliance Android WorkingMessage.java information disclosure CVE-2011-0680 Vulnerability Report
Jump to