Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-4540
Last Modified 11 Oct 2015 09:59:15
Published 11 Nov 2012 08:00:54
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4540

Summary

Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.

Vulnerable Systems

Application

  • Redhat Icedtea-web 1.1

  • Redhat Icedtea-web 1.1.1

  • Redhat Icedtea-web 1.1.2

  • Redhat Icedtea-web 1.1.3

  • Redhat Icedtea-web 1.1.4

  • Redhat Icedtea-web 1.1.5

  • Redhat Icedtea-web 1.1.6

  • Redhat Icedtea-web 1.2

  • Redhat Icedtea-web 1.2.1

  • Redhat Icedtea-web 1.3


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=869040

XF - icedtea-applet-bo(79894)

UBUNTU - USN-1625-1

SECTRACK - 1027738

BID - 56434

MLIST - [oss-security] 20121107 IcedTea-Web CVE-2012-4540

MANDRIVA - MDVSA-2012:171

SECUNIA - 51220

SECUNIA - 51206

REDHAT - RHSA-2012:1434

MLIST - [distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS

SUSE - openSUSE-SU-2012:1524

SUSE - openSUSE-SU-2013:0174

SECUNIA - 51374

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1007960

MLIST - [distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!

SUSE - openSUSE-SU-2013:1511

SUSE - openSUSE-SU-2013:1509

DEBIAN - DSA-2768

GENTOO - GLSA-201406-32

BID - 62426

SUSE - openSUSE-SU-2015:1595

Related Patches

Novell SUSE 2012:7041 icedtea-web security update for SLED 11 SP2 i586

Novell SUSE 2012:7041 icedtea-web security update for SLED 11 SP2 x86_64


Last Updated: 27 May 2016 10:56:40