CVE-2013-3647: Infoleak
First published: Tue Jun 18 2013(Updated: )
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cybozu Live | <=2.0.0 | |
| Cybozu Live | =1.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3647?
CVE-2013-3647 is considered a high severity vulnerability due to its potential to allow arbitrary code execution.
How does CVE-2013-3647 affect the Cybozu Live application?
CVE-2013-3647 allows attackers to execute arbitrary JavaScript code and access sensitive information through a manipulated local file.
What versions of Cybozu Live are affected by CVE-2013-3647?
CVE-2013-3647 affects all versions of Cybozu Live for Android before 2.0.1, including version 1.0.4.
How can I mitigate the risks associated with CVE-2013-3647?
To mitigate CVE-2013-3647, it is essential to update the Cybozu Live application to version 2.0.1 or later.
Is there a known exploit for CVE-2013-3647?
Yes, CVE-2013-3647 has been documented to be exploitable in crafted applications that can include malicious JavaScript.
- agent/type
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cybozu
- canonical/cybozu live
- version/cybozu live/2.0.0
- version/cybozu live/1.0.4