CVE-2012-4248

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:amazon:kindle_touch:*:*:*:*:*:*:*:*
cpe:2.3:h:amazon:kindle_touch:5.1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:42

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/122656 - US Government Resource () http://www.kb.cert.org/vuls/id/122656 - US Government Resource
References () http://www.kb.cert.org/vuls/id/MORO-8WKGBN - () http://www.kb.cert.org/vuls/id/MORO-8WKGBN -
References () http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368 - () http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368 -

Information

Published : 2012-08-12 17:55

Updated : 2024-11-21 01:42


NVD link : CVE-2012-4248

Mitre link : CVE-2012-4248

CVE.ORG link : CVE-2012-4248


JSON object : View

Products Affected

amazon

  • kindle_touch
CWE
CWE-264

Permissions, Privileges, and Access Controls