Vulnerability Description
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Kindle Touch | <= 5.1.1 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/122656US Government Resource
- http://www.kb.cert.org/vuls/id/MORO-8WKGBN
- http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6b
- http://www.kb.cert.org/vuls/id/122656US Government Resource
- http://www.kb.cert.org/vuls/id/MORO-8WKGBN
- http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6b
FAQ
What is CVE-2012-4248?
CVE-2012-4248 is a vulnerability with a CVSS score of 9.3 (HIGH). The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors in...
How severe is CVE-2012-4248?
CVE-2012-4248 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4248?
Check the references section above for vendor advisories and patch information. Affected products include: Amazon Kindle Touch.