Hironori Tokuta

**Name of the Vulnerable Software and Affected Versions** NTT DOCOMO sp mode mail application versions 6100 through 6300 for Android 4.0.x NTT DOCOMO sp mode mail application versions 6130 through 6700 for Android 4.1 through 4.4 **Description** The issue allows attackers to obtain sensitive information via a crafted application, as the application link interface in the NTT DOCOMO sp mode mail application writes message content to the SD card during e-mail composition. **Recommendations** For versions 6100 through 6300, consider restricting access to the SD card to minimize the risk of exploitation. For versions 6130 through 6700, avoid using the application for sensitive communications until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NTT DOCOMO sp mode mail application versions 5900 through 6300 for Android 4.0.x NTT DOCOMO sp mode mail application versions 6000 through 6620 for Android 4.1 through 4.4 **Description** The issue allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message. **Recommendations** For versions 5900 through 6300, update to a version outside of this range to mitigate the risk. For versions 6000 through 6620, update to a version outside of this range to mitigate the risk.