Vulnerability Details : CVE-2012-4248
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.
Products affected by CVE-2012-4248
- cpe:2.3:h:amazon:kindle_touch:*:*:*:*:*:*:*:*
- cpe:2.3:h:amazon:kindle_touch:5.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4248
EPSS score: 1.10% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~77% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-4248
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2012-4248
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4248
- http://www.kb.cert.org/vuls/id/122656
  VU#122656 - Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability (US Government Resource)
- http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368
  [Kindle Touch] Scriptable browser plugin included in 5.1.0 - MobileRead Forums
- http://www.kb.cert.org/vuls/id/MORO-8WKGBN
  VU#122656 - Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability