CVE-2014-1979: Code Injection
First published: Wed Mar 19 2014(Updated: )
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nttdocomo Spmode Mail | =6000 | |
| Nttdocomo Spmode Mail | =6200 | |
| Nttdocomo Spmode Mail | =6620 | |
| Android | =4.1 | |
| Android | =4.1.2 | |
| Android | =4.2 | |
| Android | =4.2.1 | |
| Android | =4.2.2 | |
| Android | =4.3 | |
| Android | =4.3.1 | |
| Android | =4.4 | |
| Nttdocomo Spmode Mail | =5900 | |
| Nttdocomo Spmode Mail | =6300 | |
| Android | =4.0 | |
| Android | =4.0.1 | |
| Android | =4.0.2 | |
| Android | =4.0.3 | |
| Android | =4.0.4 | |
| All of | ||
| Any of | ||
| Nttdocomo Spmode Mail | =6000 | |
| Nttdocomo Spmode Mail | =6200 | |
| Nttdocomo Spmode Mail | =6620 | |
| Any of | ||
| Android | =4.1 | |
| Android | =4.1.2 | |
| Android | =4.2 | |
| Android | =4.2.1 | |
| Android | =4.2.2 | |
| Android | =4.3 | |
| Android | =4.3.1 | |
| Android | =4.4 | |
| All of | ||
| Any of | ||
| Nttdocomo Spmode Mail | =5900 | |
| Nttdocomo Spmode Mail | =6000 | |
| Nttdocomo Spmode Mail | =6200 | |
| Nttdocomo Spmode Mail | =6300 | |
| Any of | ||
| Android | =4.0 | |
| Android | =4.0.1 | |
| Android | =4.0.2 | |
| Android | =4.0.3 | |
| Android | =4.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-1979?
CVE-2014-1979 has been classified with a moderate severity due to the potential for remote code execution.
How do I fix CVE-2014-1979?
To fix CVE-2014-1979, upgrade the NTT DOCOMO sp mode mail application to the latest secure version provided by the vendor.
Which versions are affected by CVE-2014-1979?
CVE-2014-1979 affects NTT DOCOMO sp mode mail application versions 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4.
Can I use older versions of Android with CVE-2014-1979?
Yes, CVE-2014-1979 affects specific versions of the NTT DOCOMO sp mode mail application, not the Android OS itself.
What are the consequences of CVE-2014-1979 exploitation?
Exploitation of CVE-2014-1979 could allow remote attackers to execute arbitrary Java methods through malicious email data.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/nttdocomo
- canonical/nttdocomo spmode mail
- version/nttdocomo spmode mail/6000
- version/nttdocomo spmode mail/6200
- version/nttdocomo spmode mail/6620
- vendor/google
- canonical/android
- version/android/4.1
- version/android/4.1.2
- version/android/4.2
- version/android/4.2.1
- version/android/4.2.2
- version/android/4.3
- version/android/4.3.1
- version/android/4.4
- version/nttdocomo spmode mail/5900
- version/nttdocomo spmode mail/6300
- version/android/4.0
- version/android/4.0.1
- version/android/4.0.2
- version/android/4.0.3
- version/android/4.0.4