medium
4.3
CWE
264
Advisory Published
Updated

CVE-2014-1977

First published: Wed Mar 19 2014(Updated: )

The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application.

Credit: vultures@jpcert.or.jp

Affected SoftwareAffected VersionHow to fix
Nttdocomo Spmode Mail<=6300
Nttdocomo Spmode Mail=2546
Nttdocomo Spmode Mail=2631
Nttdocomo Spmode Mail=3000
Nttdocomo Spmode Mail=3100
Nttdocomo Spmode Mail=3200
Nttdocomo Spmode Mail=3300
Nttdocomo Spmode Mail=3400
Nttdocomo Spmode Mail=4000
Nttdocomo Spmode Mail=4200
Nttdocomo Spmode Mail=4300
Nttdocomo Spmode Mail=4400
Nttdocomo Spmode Mail=4500
Nttdocomo Spmode Mail=4600
Nttdocomo Spmode Mail=4700
Nttdocomo Spmode Mail=4800
Nttdocomo Spmode Mail=4900
Nttdocomo Spmode Mail=5000
Nttdocomo Spmode Mail=5100
Nttdocomo Spmode Mail=5200
Nttdocomo Spmode Mail=5300
Nttdocomo Spmode Mail=5400
Nttdocomo Spmode Mail=5500
Nttdocomo Spmode Mail=5550
Android=4.0
Android=4.0.1
Android=4.0.2
Android=4.0.3
Android=4.0.4
Nttdocomo Spmode Mail<=6700
Android=4.1
Android=4.1.2
Android=4.2
Android=4.2.1
Android=4.2.2
Android=4.3
Android=4.3.1
Android=4.4
All of
Any of
Nttdocomo Spmode Mail<=6300
Nttdocomo Spmode Mail=2546
Nttdocomo Spmode Mail=2631
Nttdocomo Spmode Mail=3000
Nttdocomo Spmode Mail=3100
Nttdocomo Spmode Mail=3200
Nttdocomo Spmode Mail=3300
Nttdocomo Spmode Mail=3400
Nttdocomo Spmode Mail=4000
Nttdocomo Spmode Mail=4200
Nttdocomo Spmode Mail=4300
Nttdocomo Spmode Mail=4400
Nttdocomo Spmode Mail=4500
Nttdocomo Spmode Mail=4600
Nttdocomo Spmode Mail=4700
Nttdocomo Spmode Mail=4800
Nttdocomo Spmode Mail=4900
Nttdocomo Spmode Mail=5000
Nttdocomo Spmode Mail=5100
Nttdocomo Spmode Mail=5200
Nttdocomo Spmode Mail=5300
Nttdocomo Spmode Mail=5400
Nttdocomo Spmode Mail=5500
Nttdocomo Spmode Mail=5550
Any of
Android=4.0
Android=4.0.1
Android=4.0.2
Android=4.0.3
Android=4.0.4
All of
Any of
Nttdocomo Spmode Mail<=6700
Nttdocomo Spmode Mail=2546
Nttdocomo Spmode Mail=2631
Nttdocomo Spmode Mail=3000
Nttdocomo Spmode Mail=3100
Nttdocomo Spmode Mail=3200
Nttdocomo Spmode Mail=3300
Nttdocomo Spmode Mail=3400
Nttdocomo Spmode Mail=4000
Nttdocomo Spmode Mail=4200
Nttdocomo Spmode Mail=4300
Nttdocomo Spmode Mail=4400
Nttdocomo Spmode Mail=4500
Nttdocomo Spmode Mail=4600
Nttdocomo Spmode Mail=4700
Nttdocomo Spmode Mail=4800
Nttdocomo Spmode Mail=4900
Nttdocomo Spmode Mail=5000
Nttdocomo Spmode Mail=5100
Nttdocomo Spmode Mail=5200
Nttdocomo Spmode Mail=5300
Nttdocomo Spmode Mail=5400
Nttdocomo Spmode Mail=5500
Nttdocomo Spmode Mail=5550
Any of
Android=4.1
Android=4.1.2
Android=4.2
Android=4.2.1
Android=4.2.2
Android=4.3
Android=4.3.1
Android=4.4

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2014-1977?

    CVE-2014-1977 is considered a moderate severity vulnerability due to the weak permissions for attachments in the application.

  • How do I fix CVE-2014-1977?

    To fix CVE-2014-1977, it is recommended to update the NTT DOCOMO sp mode mail application to the latest version available.

  • What versions are affected by CVE-2014-1977?

    CVE-2014-1977 affects NTT DOCOMO sp mode mail application versions 6300 and earlier, as well as versions 6700 and earlier for Android 4.1 through 4.4.

  • What type of data can be compromised due to CVE-2014-1977?

    CVE-2014-1977 allows attackers to obtain sensitive information via crafted email attachments, compromising user data.

  • Is CVE-2014-1977 still a risk for current versions of the application?

    No, CVE-2014-1977 is not a risk for current versions of the NTT DOCOMO sp mode mail application if kept up to date.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203