Vulnerability Details : CVE-2012-2649
The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allow remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
Products affected by CVE-2012-2649
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:*:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:*:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.6.0:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.1:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.0:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.4.0:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.0:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.0:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.2.0:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:rc:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.4:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.3:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.2:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.1:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:beta_update1:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:alpha:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.1:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.1.0:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.3.0:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.1.0:-:black:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:rc:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:beta_update1:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:alpha:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2649
0.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2649
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2012-2649
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2649
-
http://jvn.jp/en/jp/JVN99730704/index.html
JVN#99730704: Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
-
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000075
JVNDB-2012-000075 - JVN iPedia - 脆弱性対策情報データベース
-
https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir
Sleipnir Mobile - Web Browser - Apps on Google Play
-
https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir_black
Sleipnir Mobile Black Edition - Apps on Google Play
Jump to