CVE-2012-2993

2012-09-17T23:48:28
ID CVE-2012-2993
Type cve
Reporter NVD
Modified 2017-08-28T21:31:47

Description

Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.