CVE-2012-3423 – icedtea-web: incorrect handling of not 0-terminated strings

https://notcve.org/view.php?id=CVE-2012-3423

07 Aug 2012 — The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet. El complemento IcedTea-Web anterior a v1.2.1 no maneja adecuadamente los (NPVariant) (NPStrings) sin terminadores NUL, lo que permite a atacantes remotos causar una denegación de servicio (caída), obtener información sensible de la memoria, o ... • http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •