VYPR

Windows Phone 7

by Microsoft

CVEs (1)

  • CVE-2012-2993MedSep 18, 2012
    risk 0.39cvss 5.9epss 0.04

    Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.