PT-2012-2502 · Twicca · Twicca

Tetsuya Aoyama

Published

2012-03-17

Updated

2018-01-11

CVE-2012-0326

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions twicca application versions 0.7.0 through 0.9.30

Description The issue concerns the twicca application's failure to properly restrict network privileges, allowing remote attackers to read media files on an SD card by using a crafted application.

Recommendations For twicca application versions 0.7.0 through 0.9.30, consider restricting network access to sensitive data until a fix is available. As a temporary workaround, restrict the use of network privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-0326

Affected Products

Twicca

PT-2012-2502 · Twicca · Twicca

CVE-2012-0326

Weakness Enumeration

Related Identifiers

Affected Products

References · 8