JVN#23009798: Cybozu Live for Android vulnerable to arbitrary Java method execution

2012-08-31T00:00:00
ID JVN:23009798
Type jvn
Reporter Japan Vulnerability Notes
Modified 2012-08-31T00:00:00

Description

## Description

Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability.

## Impact

When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android devices may be obtained and arbitrary OS commands may be executed.

## Solution

Update the software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • Cybozu Live for Android version 1.0.4 and earlier