Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4249

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-4249
Last Modified 13 Aug 2012 12:49:14
Published 12 Aug 2012 01:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4249

Summary

The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than CVE-2012-4248.

Vulnerable Systems


References

CERT-VN - VU#122656

MISC - http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368

CONFIRM - http://www.kb.cert.org/vuls/id/MORO-8WKGBN


Last Updated: 27 May 2016 10:51:39