Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4248

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-4248
Last Modified 13 Aug 2012 12:00:00
Published 12 Aug 2012 01:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4248

Summary

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.

Vulnerable Systems


References

CERT-VN - VU#122656

MISC - http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368

CONFIRM - http://www.kb.cert.org/vuls/id/MORO-8WKGBN


Last Updated: 27 May 2016 10:51:39