VYPR
Medium severity5.9NVD Advisory· Published Sep 18, 2012· Updated Jun 16, 2026

CVE-2012-2993

CVE-2012-2993

Description

Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:o:microsoft:windows_phone_7_firmware:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_phone_7_firmware:-:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.