Vulnerability ID: - JVN#19740283 Affected Product: - Cybozu Live for Android version 2.0.0 Vulnerability Description: - Cybozu Live for Android contains a vulnerability in the WebView class, which may lead to malicious file execution and information disclosure when a user clicks a file:// hyperlink on their Android device. Solution: - Update the software to the latest version according to the developer's information. Vendor Status: - Vendor: Cybozu, Inc. - Status: Vulnerable - Last Update: 2013/06/18 - Vendor Notes: Cybozu, Inc. website Vulnerability Severity: - Access Required: High - Authentication: Low-Mid - User Interaction Required: Mid - Exploit Complexity: Mid-High References: - Japan Vulnerability Notes JVN#77393797 - Cybozu Live for Android vulnerable in the WebView class Vulnerability Analysis: - Analyzed on 2013.06.18 - This analysis assumes that the user is tricked into storing a malicious file. Credit: - Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. Other Information: - JPCERT Alert - JPCERT Reports - CERT Advisory - CPNI Advisory - TRnotes - CVE: CVE-2013-3647 - JVNiPedia: JVNiDB-2013-000060