CVE-2012-2980

Name of the Vulnerable Software and Affected Versions Android (affected versions not specified) on T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S

Description The onTouchEvent method implementation for Android on certain devices stores touch coordinates in the dmesg buffer. This allows remote attackers to obtain sensitive information, such as PIN numbers, telephone numbers, and text messages, via a crafted application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.