Описание
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 5.1.1 (включая)
Одно из
cpe:2.3:h:amazon:kindle_touch:*:*:*:*:*:*:*:*
cpe:2.3:h:amazon:kindle_touch:5.1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02311
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.
EPSS
Процентиль: 84%
0.02311
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-264