CVE-2012-4248
First published: Sun Aug 12 2012(Updated: )
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Amazon Kindle Touch | <=5.1.1 | |
| Amazon Kindle Touch | =5.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-4248?
CVE-2012-4248 has a severity rating that indicates a moderate risk due to improper access restrictions in the Amazon Kindle Touch.
How do I fix CVE-2012-4248?
To mitigate CVE-2012-4248, upgrade to Amazon Kindle Touch version 5.1.2 or later.
What systems are affected by CVE-2012-4248?
CVE-2012-4248 affects Amazon Kindle Touch devices running versions 5.1.1 and below.
What kind of attacks can be executed via CVE-2012-4248?
CVE-2012-4248 may allow remote attackers to execute unspecified actions through the NPAPI plugin interface.
When was CVE-2012-4248 disclosed?
CVE-2012-4248 was publicly disclosed in 2012.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/amazon
- canonical/amazon kindle touch
- version/amazon kindle touch/5.1.1
- version/amazon kindle touch/5.1.0