The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Windows 10 Mobile

vulnerability 16460

Windows: fraudulent certificate emitted for Google

Synthesis of the vulnerability

An attacker, who owns the malicious "google.com" certificate, can use a Man-in-the-middle attack on a fake Google site, in order for example to obtain sensitive information.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows Mobile, Windows RT, Windows Vista.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 25/03/2015.
Identifiers: 3050995, VIGILANCE-VUL-16460.

Description of the vulnerability

The Windows system is installed with trusted certification authorities, such as "China Internet Network Information Center (CNNIC)".

However, this authority published a malicious certificate for "google.com", "gmail.com", "googleapis.com", etc.

An attacker, who owns the malicious "google.com" certificate, can therefore use a Man-in-the-middle attack on a fake Google site, in order for example to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert 16396

Windows: fraudulent certificate emitted for Live.fi

Synthesis of the vulnerability

An attacker, who owns the "www.live.fi" certificate, can use a Man-in-the-middle attack on a fake Live site, in order for example to obtain sensitive information.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows Mobile, Windows RT, Windows Vista.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 17/03/2015.
Identifiers: 3046310, VIGILANCE-VUL-16396.

Description of the vulnerability

The Windows system is installed with trusted certification authorities, such as "COMODO RSA Domain Validation Secure Serve CA".

However, this authority published a malicious certificate for "www.live.fi".

An attacker, who owns the malicious "www.live.fi" certificate, can therefore use a Man-in-the-middle attack on a fake Live site, in order for example to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 13199

Windows Phone: information disclosure via WiFi WPA2 PEAP-MS-CHAPv2

Synthesis of the vulnerability

An attacker can create a fake WiFi WPA2 access point to obtain encrypted data, then decrypt the PEAP-MS-CHAPv2 algorithm, in order to obtain victim's password, to access to sensitive information.
Impacted products: Windows Mobile.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion.
Provenance: radio connection.
Creation date: 05/08/2013.
Identifiers: 2876146, BID-61592, VIGILANCE-VUL-13199.

Description of the vulnerability

When Windows Phone connects to a Wi-Fi access point, it can use a WPA2 authentication, with the PEAP-MS-CHAPv2 protocol (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2).

However, a cryptographic weakness was announced in PEAP-MS-CHAPv2. An attacker can then retrieve the password.

An attacker can therefore create a fake WiFi WPA2 access point to obtain encrypted data, then decrypt the PEAP-MS-CHAPv2 algorithm, in order to obtain victim's password, to access to sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability 12280

Windows, NSS: fraudulent certificates emitted by TURKTRUST

Synthesis of the vulnerability

The TURKTRUST certification authority, which is trusted by Windows and NSS, delivered certificates to attackers, used to sign malicious web sites.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Fedora, Mandriva Linux, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows Mobile, Windows Vista, Windows XP, RHEL.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 04/01/2013.
Identifiers: 2798897, DSA-2599-1, FEDORA-2013-0231, FEDORA-2013-0261, FEDORA-2013-0271, MDVSA-2013:003, MDVSA-2013:050, RHSA-2013:0213-01, RHSA-2013:0214-01, SA73, VIGILANCE-VUL-12280.

Description of the vulnerability

The Windows system is installed with trusted certification authorities, such as "TURKTRUST Inc.". This authority is also present in NSS.

However, this authority published incorrect certificates (no CRL/OCSP, and "end-entity") for two certification authorities:
  *.EGO.GOV.TR
  e-islem.kktcmerkezbankasi.org

The "*.EGO.GOV.TR" certificate was then used to create a malicious certificate for "*.google.com".

An attacker, who owns this certificate, can thus use a Man-in-the-middle attack on a fake Google site, in order for example to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2012-2993

Windows Phone 7: not checking the Common Name

Synthesis of the vulnerability

The Windows Phone 7 messaging client does not check the Common Name field of the X.509 certificate sent by the server, so an attacker can use a man-in-the-middle without being detected.
Impacted products: Windows Mobile.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: intranet server.
Creation date: 18/09/2012.
Identifiers: BID-55569, CVE-2012-2993, VIGILANCE-VUL-11954, VU#389795.

Description of the vulnerability

The Windows Phone 7 system contains a messaging client to connect to POP3, IMAP or SMTP servers.

Sessions can be encrypted by SSL/TLS. In this case, the server sends an X.509 certificate. The Common Name filed has to be the same as the server name.

However, if the Common Name field is for another site, Windows Phone 7 accepts it.

The Windows Phone 7 messaging client therefore does not check the Common Name field of the X.509 certificate sent by the server, so an attacker can use a man-in-the-middle without being detected.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 11253

Windows Phone: denial of service via SMS

Synthesis of the vulnerability

An attacker can send an SMS, in order to restart a Windows Phone 7.5 device.
Impacted products: Windows Mobile.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: document.
Creation date: 27/12/2011.
Identifiers: BID-51179, VIGILANCE-VUL-11253.

Description of the vulnerability

An attacker can send an SMS, in order to restart a Windows Phone 7.5 device.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 11147

SSL: revocation of DigiCert Malaysia

Synthesis of the vulnerability

The DigiCert Malaysia intermediary certificate authority was revoked.
Impacted products: Debian, Fedora, Mandriva Linux, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Mobile, Windows Vista, Windows XP, Firefox, Thunderbird, openSUSE, SSL protocol, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: internet server.
Creation date: 10/11/2011.
Identifiers: 2641690, CERTA-2003-AVI-008, DSA-2339-1, DSA-2341-1, DSA-2342-1, DSA-2343-1, FEDORA-2011-15586, MDVSA-2011:169, openSUSE-SU-2011:1241-1, RHSA-2011:1437-01, RHSA-2011:1440-01, RHSA-2011:1444-01, SUSE-SU-2011:1256-2, VIGILANCE-VUL-11147.

Description of the vulnerability

The DigiCert Malaysia (Digicert Sdn Bhd) intermediary certification authority was revoked, due to the issuance of 22 certificates with weak keys, and to several technical issues (VIGILANCE-ACTU-3168).

It is thus recommended to delete this certification authority.

This certification authority is under Entrust and Verizon (GTE CyberTrust). It is different from DigiCert Inc (http://www.digicert.com/).
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 10483

IE, Firefox, SeaMonkey, Opera: certificate revokation

Synthesis of the vulnerability

After an intrusion in a certification authority, web browsers revoked some certificates.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Fedora, Mandriva Linux, IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Mobile, Windows Vista, Windows XP, Firefox, SeaMonkey, openSUSE, Opera, RHEL, Slackware.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition, data deletion, no consequence.
Provenance: internet server.
Creation date: 23/03/2011.
Revision date: 23/03/2011.
Identifiers: 2524375, CERTA-2003-AVI-002, CERTA-2011-AVI-169, DSA-2199-1, DSA-2200-1, DSA-2203-1, FEDORA-2011-4244, FEDORA-2011-4250, FEDORA-2011-5152, FEDORA-2011-5161, MDVSA-2011:068, MDVSA-2011:072, MDVSA-2011:074, MFSA 2011-11, openSUSE-SU-403, RHSA-2011:0373-01, RHSA-2011:0375-01, RHSA-2011:0472-01, SA54, SSA:2011-086-01, SSA:2011-086-02, VIGILANCE-VUL-10483.

Description of the vulnerability

A certification authority signs certificates of web sites using SSL (https). Certificates of these authorities are installed by default in web browsers, in order to provide the chain of trust.

An intrusion occurred in the UserTrust certification authority, a partner of Comodo.

An attacker used this authority to sign 9 fake certificates for web sites (google.com, yaoo.com, mozilla.com, etc.). He can thus create a malicious https://www.example.com/ web site and invite the victim to connect, with no warning.

Several web browser editors decided to block these 9 certificates.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 10061

Windows Mobile: memory corruption via vCard

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious vCard, in order to corrupt the memory of Windows Mobile, which creates a denial of service and possibly leads to code execution.
Impacted products: Windows Mobile.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 21/10/2010.
Identifiers: BID-44287, VIGILANCE-VUL-10061.

Description of the vulnerability

A CVF visit card in vCard format contains several fields:
 - field N : name
 - field FN : full name
 - field TEL : phone number
 - etc.
They can be shared via MMS or Bluetooth.

When Windows Mobile receives a vCard with a long N name, several memory allocations are done. However, unused areas are freed several times. The memory is thus corrupted.

An attacker can therefore invite the victim to open a malicious vCard, in order to corrupt the memory of Windows Mobile, which creates a denial of service and possibly leads to code execution.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability 9605

Windows Mobile: Cross Site Scripting via MMS

Synthesis of the vulnerability

An attacker can send an HTML MMS, using a refresh, in order to generate a Cross Site Scripting.
Impacted products: Windows Mobile.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 23/04/2010.
Identifiers: BID-39640, VIGILANCE-VUL-9605.

Description of the vulnerability

The "meta http-equiv=refresh" directive of an HTML document redirects the visitor to another url.

The "Show Message" configuration of HTC Touch Pro 2 mobiles directly displays the content of received messages. However, if the message uses an "meta http-equiv=refresh", its script code is run in the context of the pointed web site.

An attacker can therefore send an HTML MMS, using a refresh, in order to generate a Cross Site Scripting.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.