CVE-2012-2980

2022-10-0316:15:37

CWE-255

[email protected]

web.nvd.nist.gov

samsung

htc

android

ontouchevent

dmesg buffer

information disclosure

cve-2012-2980

nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

JSON

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.

Affected configurations

NVD

Node

attstatusMatch-

htcchachaMatch-

htcdesireMatch-

htcmergeMatch-

samsunggalaxy_sMatch-

sprintevo_shift_4gMatch-

t-mobileg2Match-

t-mobilemytouch_3g_slideMatch-

t-mobilemytouch_4g_slideMatch-

CPENameOperatorVersion
att:statusatt statuseq-
htc:chachahtc chachaeq-
htc:desirehtc desireeq-
htc:mergehtc mergeeq-
samsung:galaxy_ssamsung galaxy seq-
sprint:evo_shift_4gsprint evo shift 4geq-
t-mobile:g2t-mobile g2eq-
t-mobile:mytouch_3g_slidet-mobile mytouch 3g slideeq-
t-mobile:mytouch_4g_slidet-mobile mytouch 4g slideeq-

CPE	Name	Operator	Version
att:status	att status	eq	-
htc:chacha	htc chacha	eq	-
htc:desire	htc desire	eq	-
htc:merge	htc merge	eq	-
samsung:galaxy_s	samsung galaxy s	eq	-
sprint:evo_shift_4g	sprint evo shift 4g	eq	-
t-mobile:g2	t-mobile g2	eq	-
t-mobile:mytouch_3g_slide	t-mobile mytouch 3g slide	eq	-
t-mobile:mytouch_4g_slide	t-mobile mytouch 4g slide	eq	-