20 matches found
CVE-2014-1977
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application...
CVE-2014-1979
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message...
CVE-2014-1978
The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted...
Design/Logic Flaw
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message...
CVE-2014-1977
The CVE-2014-1977 entry concerns NTT DOCOMO’s sp mode mail application for Android (6300 series on 4.0.x and 6700 on 4.1–4.4). The vulnerability arises from weak permissions on attachments during processing of incoming emails, enabling a crafted Android application to obtain sensitive information...
CVE-2014-1979
The CVE-2014-1979 issue affects NTT DOCOMO sp mode mail for Android (rev. 5900–6300 on Android 4.0.x; 6000–6620 on Android 4.1–4.4). The root cause is improper handling of Deco-mail emoticon POP data in emails, allowing remote attackers to execute arbitrary Java methods with the mail client’s pri...
CVE-2014-1978
The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted...
CVE-2014-1978
The CVE-2014-1978 issue concerns the NTT DOCOMO sp mode mail application for Android (versions 6100–6300 on Android 4.0.x and 6130–6700 on Android 4.1–4.4). The vulnerability arises from the application link interface, which writes message content to the device’s SD card during email composition....
CVE-2014-1979
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message...
CVE-2014-1977
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application...
sp mode mail issue where emails in the process of creation may be accessed
Overview sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Androi...
sp mode mail issue when accessing attachments in incoming mail
Overview sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. Satoru Takekoshi reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#89260331: sp mode mail vulnerability where Java methods may be executed
sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail. Impact When a specially crafted email is opened, an arbitrary Java method that can be...
JVN#81739241: sp mode mail issue when accessing attachments in incoming mail
sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. Impact If a malicious Android application is installed on the device, attachments for...
JVN#05951929: sp mode mail issue where emails in the process of creation may be accessed
sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android...
CVE-2012-1244
The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2012-1244
The CVE-2012-1244 entry concerns the NTT DOCOMO sp mode mail application for Android (versions 5400 and earlier). The vulnerability is that the app does not properly verify SSL X.509 certificates from servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive information ...
CVE-2012-1244
The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
sp mode mail issue in the verification of SSL certificates
Overview sp mode mail contains an issue in the verification of the SSL server certificate. sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Tsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA...