CVE-2012-2980

Published Aug 21, 2012

Last updated 13 years ago

CVSS info 7.1

Overview

Description: The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.
Source: cret@cert.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.1
Impact score: 6.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-255

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:att:status:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF3604EC-F0EA-4C4F-AC02-B06E48BB8E2B"
          },
          {
            "criteria": "cpe:2.3:h:htc:chacha:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E4B4194-E63E-40B2-8D97-4F9ECF72B137"
          },
          {
            "criteria": "cpe:2.3:h:htc:desire:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D722FCD1-07FA-4161-A2CA-7AA66640CD57"
          },
          {
            "criteria": "cpe:2.3:h:htc:merge:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "750EA8EA-B973-44C2-B544-4AE0BA74AF28"
          },
          {
            "criteria": "cpe:2.3:h:samsung:galaxy_s:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A60CAD7B-6A6C-4627-B999-AA442F210486"
          },
          {
            "criteria": "cpe:2.3:h:sprint:evo_shift_4g:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ACDC3D2-AA6E-476E-B23E-A4B138F590EC"
          },
          {
            "criteria": "cpe:2.3:h:t-mobile:g2:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70077E7C-3932-4234-87BA-745591A34E2D"
          },
          {
            "criteria": "cpe:2.3:h:t-mobile:mytouch_3g_slide:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "104D55CE-99BA-478F-91F1-0A97B801AF2F"
          },
          {
            "criteria": "cpe:2.3:h:t-mobile:mytouch_4g_slide:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A5FD0C4-38F8-47D2-8494-15A385773326"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References