7.1

CVE-2012-2980

EPSS 2.88%
Published 21.08.2012 10:46:10
Last modified 11.04.2025 00:51:21
Source cret@cert.org
Teams watchlist Login
Open Login

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Att ≫ Status Version-

Htc ≫ Chacha Version-

Htc ≫ Desire Version-

Htc ≫ Merge Version-

Samsung ≫ Galaxy S Version-

Sprint ≫ Evo Shift 4g Version-

T-mobile ≫ G2 Version-

T-mobile ≫ Mytouch 3g Slide Version-

T-mobile ≫ Mytouch 4g Slide Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.88%	0.858

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:C/I:N/A:N

http://www.htc.com/www/help/app-security-fix/

http://www.kb.cert.org/vuls/id/251635

US Government Resource

http://www.kb.cert.org/vuls/id/MAPG-8R5LD6

https://nvd.nist.gov/vuln/detail/CVE-2012-2980

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2980

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2980

EUVD