The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document.