CVE-2012-2980

Severity Score

7.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.

El método de implementación onTouchEvent en Samsumg y HTC para Android en el dispositivo T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, y Samsung Galaxy S almacena las coordenadas de contacto en un búfer (dmesg) lo que permite a atacantes remotos obtener información sensible a través de una aplicación manipulada, una demostración para números de PIN, números de teléfono y mensajes de texto.

*Credits: N/A

CVSS Scores

NISTv2 7.1

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-05-30 CVE Reserved
2012-08-21 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-255: Credentials Management Errors

CAPEC

References (3)

URL	Tag	Source
http://www.htc.com/www/help/app-security-fix	X_refsource_misc
http://www.kb.cert.org/vuls/id/251635	Third Party Advisory
http://www.kb.cert.org/vuls/id/MAPG-8R5LD6	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Att Search vendor "Att"		Status Search vendor "Att" for product "Status"				-		-		Affected
Htc Search vendor "Htc"		Chacha Search vendor "Htc" for product "Chacha"				-		-		Affected
Htc Search vendor "Htc"		Desire Search vendor "Htc" for product "Desire"				-		-		Affected
Htc Search vendor "Htc"		Merge Search vendor "Htc" for product "Merge"				-		-		Affected
Samsung Search vendor "Samsung"		Galaxy S Search vendor "Samsung" for product "Galaxy S"				-		-		Affected
Sprint Search vendor "Sprint"		Evo Shift 4g Search vendor "Sprint" for product "Evo Shift 4g"				-		-		Affected
T-mobile Search vendor "T-mobile"		G2 Search vendor "T-mobile" for product "G2"				-		-		Affected
T-mobile Search vendor "T-mobile"		Mytouch 3g Slide Search vendor "T-mobile" for product "Mytouch 3g Slide"				-		-		Affected
T-mobile Search vendor "T-mobile"		Mytouch 4g Slide Search vendor "T-mobile" for product "Mytouch 4g Slide"				-		-		Affected