Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2993

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2012-2993
Last Modified 21 Mar 2013 11:11:00
Published 17 Sep 2012 11:48:28
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-2993

Summary

Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.

Vulnerable Systems

Operating System

  • Microsoft Windows Phone 7


References

CERT-VN - VU#389795

SECTRACK - 1027541

XF - microsoft-winphone7-domainname-spoofing(78620)

BID - 55569

OSVDB - 85619


Last Updated: 27 May 2016 11:00:42