TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service (CWE-20) vulnerability.
CWE-20: *Improper Input Validation* - CVE-2013-3580
TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to com.trustgo.mobile.security.USSDScannerActivity with no arguments.
A malicious application installed on the phone may be able to disable the TrustGo Antivirus & Mobile Security software.
Apply an Update
TrustGo Antivirus & Mobile Security version 1.3.6 has been released to address this vulnerability.
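A defensive pattern for the class of bug described above, as an added example that is not TrustGo's code and not part of the original note: an exported activity that treats the incoming intent as untrusted and exits cleanly when its arguments are missing. The package, class name, extra key and length limit are hypothetical.

```java
package com.example.hardened; // hypothetical package, not the vendor's

import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.util.Log;

/** Hypothetical exported activity that expects one string extra from its caller. */
public class ScannerActivity extends Activity {
    private static final String TAG = "ScannerActivity";
    // Assumed extra name and size limit, for illustration only.
    private static final String EXTRA_NUMBER = "com.example.hardened.extra.NUMBER";
    private static final int MAX_LEN = 64;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        String number = readNumber(getIntent());
        if (number == null) {
            // Fail closed: drop the request instead of throwing and crashing the process.
            Log.w(TAG, "Rejected intent with missing or malformed extras");
            finish();
            return;
        }
        scan(number);
    }

    /** Returns the validated extra, or null if the intent is unusable. */
    private static String readNumber(Intent intent) {
        if (intent == null) return null;
        try {
            // getStringExtra returns null when the intent carries no extras,
            // the key is absent, or the stored value is not a String.
            String value = intent.getStringExtra(EXTRA_NUMBER);
            if (value == null || value.isEmpty() || value.length() > MAX_LEN) return null;
            return value;
        } catch (RuntimeException e) {
            // Unparcelling caller-supplied extras can throw (e.g. BadParcelableException).
            return null;
        }
    }

    private void scan(String number) {
        // Application logic runs only on validated input.
        Log.i(TAG, "Scanning input of length " + number.length());
    }
}
```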
Vendor | Status | Date Notified | Date Updated
TrustGo | | 28 Jun 2013 | 26 Jul 2013
Group | Score | Vector
Base | 3.8 | AV:L/AC:H/Au:S/C:N/I:N/A:C
Temporal | 3.0 | E:POC/RL:OF/RC:ND
Environmental | 2.3 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND
Thanks to china.x.orion for reporting this vulnerability.
This document was written by Adam Rauf.