ID
VAR-201004-0515
TITLE
HTC Touch SMS Preview Popup Script Injection Vulnerability
Trust: 0.9
sources:
CNVD: CNVD-2010-0711 //
BID: 39640
DESCRIPTION
HTC Touch is a smartphone with touch function. If the phone is configured with a message preview, the script may be injected and executed due to lack of sufficient input filtering for the SMS content. An attacker may leverage this issue to execute arbitrary script code through an SMS message to carry out an attack, such as directing a user to a malicious site. This may allow attackers to carry out other attacks as well
Trust: 0.81
sources:
CNVD: CNVD-2010-0711 //
BID: 39640
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2010-0711
AFFECTED PRODUCTS
| vendor: | microsoft | model: | windows mobile | scope: | eq | version: | 6.5 | Trust: 0.9 |
| vendor: | htc | model: | touch pro | scope: | eq | version: | 2 | Trust: 0.9 |
sources:
CNVD: CNVD-2010-0711 //
BID: 39640
THREAT TYPE
network
Trust: 0.3
sources:
BID: 39640
TYPE
Input Validation Error
Trust: 0.3
sources:
BID: 39640
EXTERNAL IDS
| db: | BID | id: | 39640 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-0711 | Trust: 0.6 |
sources:
CNVD: CNVD-2010-0711 //
BID: 39640
REFERENCES
| url: | http://www.securityfocus.com/archive/1/510897 | Trust: 0.6 |
| url: | http://www.htc.com/www/ | Trust: 0.3 |
| url: | /archive/1/510897 | Trust: 0.3 |
sources:
CNVD: CNVD-2010-0711 //
BID: 39640
CREDITS
Michael Mueller from Integralis
Trust: 0.3
sources:
BID: 39640
SOURCES
| db: | CNVD | id: | CNVD-2010-0711 |
| db: | BID | id: | 39640 |
LAST UPDATE DATE
2022-05-17T01:58:05.813000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-0711 | date: | 2010-04-27T00:00:00 |
| db: | BID | id: | 39640 | date: | 2010-04-26T17:32:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-0711 | date: | 2010-04-27T00:00:00 |
| db: | BID | id: | 39640 | date: | 2010-04-22T00:00:00 |