Vulnerability Details : CVE-2012-4248
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.
Exploit prediction scoring system (EPSS) score for CVE-2012-4248
Probability of exploitation activity in the next 30 days: 0.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 %
CVSS scores for CVE-2012-4248
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2012-4248
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4248
- http://www.kb.cert.org/vuls/id/122656
  VU#122656 - Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability (US Government Resource)
- http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368
  [Kindle Touch] Scriptable browser plugin included in 5.1.0 - MobileRead Forums
- http://www.kb.cert.org/vuls/id/MORO-8WKGBN
  VU#122656 - Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability
Products affected by CVE-2012-4248
- cpe:2.3:h:amazon:kindle_touch:*:*:*:*:*:*:*:*
- cpe:2.3:h:amazon:kindle_touch:5.1.0:*:*:*:*:*:*:*