CERT Coordination Center

TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability

Vulnerability Note VU#709806

Original Release Date: 2013-07-26 | Last Revised: 2013-07-29

Overview

TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service (CWE-20) vulnerability.

Description

CWE-20: Improper Input Validation - CVE-2013-3580

TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to com.trustgo.mobile.security.USSDScannerActivity with no arguments.
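
The following added example (not TrustGo's code and not part of the original note) shows how an Android activity reachable by other apps can reject an intent that arrives without the arguments it expects, instead of crashing. The class name, the extra key `EXTRA_CODE`, the length limit and the `scan` helper are hypothetical, and the example assumes the crash-prone pattern is an unchecked read of a missing extra.

```java
import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.util.Log;

// Hypothetical activity for illustration; names below are assumptions.
public class ScannerActivity extends Activity {
    private static final String TAG = "ScannerActivity";
    static final String EXTRA_CODE = "com.example.scanner.extra.CODE"; // assumed key
    private static final int MAX_CODE_LENGTH = 64;                     // assumed limit

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        // Crash-prone pattern: getStringExtra() returns null when the extra
        // is absent, so dereferencing the result throws NullPointerException
        // and takes the process down:
        //     String code = getIntent().getStringExtra(EXTRA_CODE);
        //     scan(code.trim());

        String code = readCode(getIntent());
        if (code == null) {
            Log.w(TAG, "Rejected intent with missing or malformed extras");
            finish(); // close this screen only; the rest of the app keeps running
            return;
        }
        scan(code);
    }

    /** Returns the validated extra, or null if the intent is unusable. */
    private static String readCode(Intent intent) {
        if (intent == null) return null;
        try {
            String code = intent.getStringExtra(EXTRA_CODE);
            if (code == null) return null;
            code = code.trim();
            if (code.isEmpty() || code.length() > MAX_CODE_LENGTH) return null;
            return code;
        } catch (RuntimeException e) {
            // Unparcelling caller-supplied extras can throw (for example
            // BadParcelableException); treat that as invalid input.
            return null;
        }
    }

    private void scan(String code) {
        Log.i(TAG, "Scanning input of length " + code.length());
    }
}
```

If an activity is not meant to be started by other applications, setting `android:exported="false"` on it in the manifest removes the exposure altogether.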

Impact

A malicious application installed on the phone may be able to disable the TrustGo Antivirus & Mobile Security software.

Solution

Apply an Update

TrustGo Antivirus & Mobile Security version 1.3.6 has been released to address this vulnerability.

Vendor Information

TrustGo Affected

Notified: June 28, 2013 | Updated: July 26, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 3.8 AV:L/AC:H/Au:S/C:N/I:N/A:C
Temporal 3 E:POC/RL:OF/RC:ND
Environmental 2.3 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Acknowledgements

Thanks to china.x.orion for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

CVE IDs: CVE-2013-3580
Date Public: 2013-07-26
Date First Published: 2013-07-26
Date Last Updated: 2013-07-29 13:15 UTC
Document Revision: 26

Sponsored by CISA.