Lucene search

MitreCVE-2011-4864

HistoryJan 25, 2012 - 4:03 a.m.

CVE-2011-4864

2012-01-2504:03:28

CWE-264

mitre

web.nvd.nist.gov

tencent

mobileqq

com.tencent.mobileqq

android

data protection

remote attackers

messages

friends list

security vulnerability

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.002

Percentile

57.7%

JSON

The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application.

Affected configurations

Nvd

Node

tencentmobileqqMatch2.2

AND

googleandroid

VendorProductVersionCPE
tencentmobileqq2.2cpe:2.3:a:tencent:mobileqq:2.2:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tencent	mobileqq	2.2	cpe:2.3:a:tencent:mobileqq:2.2:::::::*
google	android	*	cpe:2.3:o:google:android::::::::

References

www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4864-vulnerability-in-MobileQQ.html

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.002

Percentile

57.7%

JSON

Related for CVE-2011-4864