Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-3423
Last Modified: 04 Oct 2014 12:53:51
Published: 07 Aug 2012 05:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-3423

Summary

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.

Vulnerable Systems

Application

  • Redhat Icedtea-web 1.0

  • Redhat Icedtea-web 1.1

  • Redhat Icedtea-web 1.2


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=841345

UBUNTU - USN-1521-1

SECUNIA - 50089

REDHAT - RHSA-2012:1132

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS

CONFIRM - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863

CONFIRM - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518

SUSE - openSUSE-SU-2012:0982

SUSE - openSUSE-SU-2012:0981

SUSE - SUSE-SU-2012:0979

SUSE - openSUSE-SU-2013:0966

SUSE - openSUSE-SU-2013:0893

SUSE - openSUSE-SU-2013:0826

SUSE - SUSE-SU-2013:0851

SUSE - SUSE-SU-2013:1174

GENTOO - GLSA-201406-32

Related Patches

Novell SUSE 2012:6621 icedtea-web security update for SLED 11 SP1 i586

Novell SUSE 2012:6621 icedtea-web security update for SLED 11 SP1 x86_64

Novell SUSE 2012:6626 icedtea-web security update for SLED 11 SP2 i586

Novell SUSE 2012:6626 icedtea-web security update for SLED 11 SP2 x86_64


Last Updated: 27 May 2016 10:56:42