CVE-2012-2980
First published: Tue Aug 21 2012(Updated: )
The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Att Status | ||
| HTC ChaCha | ||
| HTC Desire | ||
| HTC Merge | ||
| Samsung Galaxy S | ||
| Sprint EVO Shift 4G | ||
| T-Mobile G2 | ||
| T-Mobile myTouch 3G Slide | ||
| T-Mobile myTouch 4G Slide |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/description
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/att
- canonical/att status
- vendor/htc
- canonical/htc chacha
- canonical/htc desire
- canonical/htc merge
- vendor/samsung
- canonical/samsung galaxy s
- vendor/sprint
- canonical/sprint evo shift 4g
- vendor/t-mobile
- canonical/t-mobile g2
- canonical/t-mobile mytouch 3g slide
- canonical/t-mobile mytouch 4g slide