← Back

CVE-2012-4006

nvd nist
Published: Aug 17, 2012Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.

Affected (8)

Gree
7 products
Gree
Haconiwa
Kaizokuoukoku Columbus
Monpura
Seisen Cerberus
Tanken Dorirando
Tsurisuta
Kddi & Gree
1 product
Gree Market
Configuration A
8 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gree
Up to 1.3.9
Haconiwa
Up to 1.0.9
Kaizokuoukoku Columbus
Up to 1.3.4
Monpura
Up to 1.1.0
Seisen Cerberus
Up to 1.0.9
Tanken Dorirando
Up to 1.0.6
Tsurisuta
Up to 1.4.9
Gree Market
Up to 2.1.1
Running on/withPlatform Versions
Google
Android
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: vultures@jpcert.or.jp
Vendor Advisory
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.