Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5456


Vulnerability Score 4.3 4.3
CVE Id CVE-2012-5456
Last Modified 25 Jan 2013 11:58:16
Published 24 Oct 2012 01:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files.

Vulnerable Systems


  • Zoner Antivirus Free -

  • Zoner Antivirus Free 1.7.0



XF - zoner-android-spoofing(79591)

BID - 56292

Last Updated: 27 May 2016 10:53:42