CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2014-5854

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile23.44th
Published2014年9月9日
Last Modified2026年5月6日

Vulnerability Description

The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application 1.00.97 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected Platforms (CPE)

📦
Clearhub

Windows Live Hotmail Push Mail

= 1.00.97

References & Advisories

🔗 http://www.kb.cert.org/vuls/id/525825
🔗 http://www.kb.cert.org/vuls/id/582497
🔗 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
🔗 http://www.kb.cert.org/vuls/id/525825
🔗 http://www.kb.cert.org/vuls/id/582497
🔗 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing

相關漏洞威脅

CVE-2014-052310.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-052410.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-049810.0

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Ma...

CVE-2014-052810.0

Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attac...