CVE-2012-4248
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.
La tableta Amazon Kindle Touch anterior a v5.1.2 no restringe adecuadamente el acceso a la interfaz del plugin libkindleplugin.so NPAPI lo que podría permitir a atacantes remotos obtener acceso a través de vectores que incluyen (1) dev.log, (2) lipc.set, (3) lipc.get, o (4) todo.scheduleItems method, una vulnerabilidad diferente que CVE-2012-4249.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-08-12 CVE Reserved
- 2012-08-12 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/122656 | Third Party Advisory |
|
| http://www.kb.cert.org/vuls/id/MORO-8WKGBN | X_refsource_confirm |
|
| http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Amazon Search vendor "Amazon" | Kindle Touch Search vendor "Amazon" for product "Kindle Touch" | <= 5.1.1 Search vendor "Amazon" for product "Kindle Touch" and version " <= 5.1.1" | - |
Affected
| ||||||
| Amazon Search vendor "Amazon" | Kindle Touch Search vendor "Amazon" for product "Kindle Touch" | 5.1.0 Search vendor "Amazon" for product "Kindle Touch" and version "5.1.0" | - |
Affected
| ||||||