PT-2012-23: SQL Injection in Dr.Web Anti-virus
Version: 7.00.0 and earlier
Severity level: Medium
Impact: SQL Injection
Access Vector: Local
Base Score: 6.6
CVE: not assign
Dr.Web Anti-virus is an antivirus software for Android platform.
The specialists of the Positive Research center have detected "SQL Injection" vulnerability in Dr.Web Anti-virus application.
The vulnerability was detected in Dr.Web Anti-virus application for Android platrform in com.drweb.activities.antispam.CursorActivity class. An attacker can get the history of calls or SMS messages via third-party applications installed in the system.
How to fix
Update your software up to the latest version
11.07.2012 - Vendor is notified
11.07.2012 - Vendor gets vulnerability details
13.07.2012 - Vendor releases fixed version and details
17.07.2012 - Public disclosure
The vulnerability was discovered by Artem Chaykin, Positive Research Center (Positive Technologies Company)
Reports on the vulnerabilities previously discovered by Positive Research: