14 matches found
Design/Logic Flaw
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed 1 in an IFRAME element or 2 with the XMLHttpRequest...
Microsoft Windows Phone 7 SSL证书'Common Name'验证安全限制绕过漏洞
BUGTRAQ ID: 55569 CVE ID: CVE-2012-2993 Windows Phone 7是微软公司发布的一款手机操作系统,于2010年10月11日发布,它将微软旗下产品整合至手机中,并使用Metro作为设计语言。 Microsoft Windows Phone 7没有正确验证服务器的SSL证书,可允许攻击者执行中间人攻击或模拟受信任服务器。 0 Microsoft Windows Phone 7 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
CVE-2012-2993
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the 1 POP3, 2 IMAP, or 3 SMTP protocol via an arbitrary valid certificate...
Code injection
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the 1 POP3, 2 IMAP, or 3 SMTP protocol via an arbitrary valid certificate...
CVE-2012-2993
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the 1 POP3, 2 IMAP, or 3 SMTP protocol via an arbitrary valid certificate...
CVE-2012-2993
Microsoft Windows Phone 7 is affected: it does not verify the domain name in the server certificate’s Common Name, enabling MITM spoofing for SSL connections over POP3/IMAP/SMTP with arbitrary valid certificates. Affected software is Windows Phone 7; vulnerable component is certificate CN verific...
CVE-2012-2993
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the 1 POP3, 2 IMAP, or 3 SMTP protocol via an arbitrary valid certificate...
Windows Phone 7 does not check certificate Common Names when sending or receiving emails over SSL.
Overview Windows Phone 7 does not check CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP servers using SSL. Description Windows Phone 7 fails to check the CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP serve...
HTC HD7 "HTCUtility.dll" IOCTL安全限制绕过漏洞
BUGTRAQ ID: 50697 HTC HD7是采用了Windows Phone 7操作系统的智能手机。 HTC HD7在处理0x9020002C IOCTL请求时,其中的HTCUtility.dll驱动程序中存在错误,可被利用读取或写入任意内核内存。 HTC HD7 厂商补丁: HTC --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.htc.com...
Class Action Lawsuit Accuses Microsoft of Illegal Geotagging
UPDATE: A class action lawsuit filed in U.S. District Court in Seattle, Washington, accuses Microsoft Corp. of collecting geolocation information from photos taken with phones running its Windows Phone 7 operating system, even without the user’s consent. The suit, filed by one Rebecca Cousineau, ...
Microsoft warns against hacked Windows Phone 7 updates !
Microsoft is sorry, quite sorry indeed, that so many Windows Phone 7 owners have yet to receive the NoDo update for their handset. In a weekly written update today, the Windows Phone 7 team expressed sympathy to owners frustrated over the lag in receiving the update: "You want the latest technolo...
Internet Explorer and Safari first to fall at Pwn2Own 2011, Chrome and Firefox still standing !
Pwn2Own, the annual three-day browser hackathon, has already claimed its first two victims: IE8 on Windows 7 64-bit, and Safari 5 on Mac OS X. Google Chrome looks set to survive for its third year in a row. Internet Explorer 8 was thoroughly destroyed by independent researcher Stephen Fewer. "He...
Geohot Will Try His Hacking Skills On Windows Phone 7 !
Geohot has been causing quite a disturbance due to his ongoing legal battle with Sony. Geohot jailbroke the Sony PS3 to run unsigned code. Sony is now suing him, and Geohot is under the tech industry's spotlight more than ever. So, what does all this have to do with Windows Phone 7? Microsoft has...
White hat hack breaks Windows Phone Marketplace security !
Video shows how Windows Phone 7 apps can be easily swiped and stripped of DRM protections Once more, Microsoft finds itself in the unenviable position of having one of its security flaws shared with the world. WPCentral has posted a video made by a "'white hat' developer" that shows how cyber...