Description
The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://www.htc.com/www/help/app-security-fix/
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MAPG-8R5LD6
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/251635
Scores
EPSS
0.0325
EPSS Percentile
87.3%
Details
CWE
CWE-255
Status
published
Products (9)
att/status
htc/chacha
htc/desire
htc/merge
samsung/galaxy_s
sprint/evo_shift_4g
t-mobile/g2
t-mobile/mytouch_3g_slide
t-mobile/mytouch_4g_slide
Published
Aug 21, 2012
Tracked Since
Feb 18, 2026