Back to search
CVE-2012-2993
Published: Sep 18, 2012
Modified: Jan 16, 2025
PUBLISHED
Description
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
microsoft-winphone7-domainname-spoofing(78620)
vdb-entry
x_refsource_XF
55569
vdb-entry
x_refsource_BID
VU#389795
third-party-advisory
x_refsource_CERT-VN
85619
vdb-entry
x_refsource_OSVDB
1027541
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now