TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability

2013-07-26T00:00:00
ID VU:709806
Type cert
Reporter CERT
Modified 2013-07-29T00:00:00

Description

Overview

TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service (CWE-20) vulnerability.

Description

CWE-20: *Improper Input Validation* - CVE-2013-3580

TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to com.trustgo.mobile.security.USSDScannerActivity with no arguments.
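
The sketch below is an added example, not TrustGo's code and not part of the CERT note: a hypothetical activity that validates its launching intent before using it, so an intent with no arguments is rejected instead of crashing the process. The class name, the length bound, and the assumption that the scanner receives a `tel:` URI as intent data are illustrative; the advisory does not say which arguments the real activity expects.

```java
package com.example.hardened; // hypothetical package, not the vendor's

import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.util.Log;

public class UssdScanActivity extends Activity {
    private static final String TAG = "UssdScanActivity";
    private static final int MAX_NUMBER_LEN = 64; // assumed sanity bound

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Crash-prone pattern, shown for contrast only:
        //   String n = getIntent().getData().getSchemeSpecificPart();
        // getData() is null when the sender attaches no data, so this throws
        // NullPointerException and takes the app's process down.
        String number = extractNumber(getIntent());
        if (number == null) {
            // Treat the sender as untrusted: refuse and exit cleanly.
            Log.w(TAG, "Rejected intent without a usable tel: URI");
            finish();
            return;
        }
        scan(number);
    }

    /** Returns the dialled string, or null if the intent is not well formed. */
    static String extractNumber(Intent intent) {
        if (intent == null) return null;
        Uri data = intent.getData();
        // getScheme() may itself be null; equalsIgnoreCase(null) is false.
        if (data == null || !"tel".equalsIgnoreCase(data.getScheme())) return null;
        String number = data.getSchemeSpecificPart();
        if (number == null || number.isEmpty()) return null;
        if (number.length() > MAX_NUMBER_LEN) return null;
        return number;
    }

    private void scan(String number) {
        // USSD/MMI codes start with '*' or '#' and end with '#'.
        boolean ussd = (number.startsWith("*") || number.startsWith("#"))
                && number.endsWith("#");
        // Log the verdict only, never the dialled string itself.
        Log.i(TAG, ussd ? "USSD code detected" : "Ordinary number");
        finish();
    }
}
```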


Impact

A malicious application installed on the phone may be able to disable the TrustGo Antivirus & Mobile Security software.


Solution

Apply an Update

TrustGo Antivirus & Mobile Security version 1.3.6 has been released to address this vulnerability.


Vendor Information

Vendor| Status| Date Notified| Date Updated
---|---|---|---
TrustGo| | 28 Jun 2013| 26 Jul 2013

CVSS Metrics

Group | Score | Vector
---|---|---
Base | 3.8 | AV:L/AC:H/Au:S/C:N/I:N/A:C
Temporal | 3.0 | E:POC/RL:OF/RC:ND
Environmental | 2.3 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • <https://play.google.com/store/apps/details?id=com.trustgo.mobile.security>
  • <http://cwe.mitre.org/data/definitions/20.html>

Credit

Thanks to china.x.orion for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

  • CVE IDs: CVE-2013-3580
  • Date Public: 26 Jul 2013
  • Date First Published: 26 Jul 2013
  • Date Last Updated: 29 Jul 2013
  • Document Revision: 24