CVE-2007-0859
First published: Fri Feb 16 2007(Updated: )
The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palm Treo | =680 | |
| Palm Treo | =650 | |
| Palm Treo | =700p |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.symantec.com/enterprise/research/SYMSA-2007-002.txt
- http://www.securityfocus.com/bid/22468
- http://discussion.treocentral.com/showthread.php?p=1199445&posted=1#post1199445
- http://securityreason.com/securityalert/2260
- http://osvdb.org/33724
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32502
- http://www.securityfocus.com/archive/1/460954/100/0/threaded
- http://www.securityfocus.com/archive/1/460911/100/0/threaded
- http://www.securityfocus.com/archive/1/460908/100/0/threaded
- http://www.securityfocus.com/archive/1/460901/100/0/threaded
- http://www.securityfocus.com/archive/1/460328/100/0/threaded
- http://www.securityfocus.com/archive/1/460059/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-0859?
CVE-2007-0859 has been classified as a medium severity vulnerability due to its potential for sensitive information exposure with physical access.
Which devices are affected by CVE-2007-0859?
CVE-2007-0859 affects Palm Treo models 680, 650, and 700p.
How does CVE-2007-0859 work?
CVE-2007-0859 allows attackers to bypass system password locks and access sensitive information through text search and paste operations.
How can I mitigate the risk of CVE-2007-0859?
To mitigate CVE-2007-0859, ensure that sensitive data is secured and consider disabling the Find feature if physical access is a concern.
Is there a patch available for CVE-2007-0859?
There is no official patch available for CVE-2007-0859, so users should implement alternative security measures.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/palm
- canonical/palm treo
- version/palm treo/680
- version/palm treo/650
- version/palm treo/700p