CVE-2012-5456

Name of the Vulnerable Software and Affected Versions Zoner AntiVirus Free (affected versions not specified)

Description The issue concerns a failure to verify the server hostname against the domain name in the subject's Common Name field of the X.509 certificate. This allows for man-in-the-middle attacks where an attacker could spoof SSL servers using any valid certificate. An example of exploitation is through a server used for updating virus signature files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.