ID CVE-2012-4540
Summary Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.
References
Vulnerable Configurations
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • IcedTea project IcedTea-Web 1.1
    cpe:2.3:a:redhat:icedtea-web:1.1
  • Red Hat IcedTea-Web 1.1.1
    cpe:2.3:a:redhat:icedtea-web:1.1.1
  • Red Hat IcedTea-Web 1.1.2
    cpe:2.3:a:redhat:icedtea-web:1.1.2
  • Red Hat IcedTea-Web 1.1.3
    cpe:2.3:a:redhat:icedtea-web:1.1.3
  • Red Hat IcedTea-Web 1.1.4
    cpe:2.3:a:redhat:icedtea-web:1.1.4
  • Red Hat IcedTea-Web 1.1.5
    cpe:2.3:a:redhat:icedtea-web:1.1.5
  • Red Hat IcedTea-Web 1.1.6
    cpe:2.3:a:redhat:icedtea-web:1.1.6
  • Red Hat IcedTea-Web 1.2
    cpe:2.3:a:redhat:icedtea-web:1.2
  • Red Hat IcedTea-Web 1.2.1
    cpe:2.3:a:redhat:icedtea-web:1.2.1
  • Red Hat IcedTea-Web 1.3
    cpe:2.3:a:redhat:icedtea-web:1.3
CVSS
Base: 6.8 (as of 27-05-2016 - 13:15)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-602.NASL
    description The icedtea-web java plugin was updated to 1.6.1. Changes included : - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. - fixed DownloadService - comments in deployment.properties now should persists load/save - fixed bug in caching of files with query - fixed issues with recreating of existing shortcut - trustAll/trustNone now processed correctly - headless no longer shows dialogues - RH1231441 Unable to read the text of the buttons of the security dialogue - Fixed RH1233697 icedtea-web: applet origin spoofing (CVE-2015-5235, bsc#944208) - Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets (CVE-2015-5234, bsc#944209) - MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed - NetX - fixed issues with -html shortcuts - fixed issue with -html receiving garbage in width and height - PolicyEditor - file flag made to work when used standalone - file flag and main argument cannot be used in combination - Fix generation of man-pages with some versions of 'tail' Also included is the update to 1.6 - Massively improved offline abilities. Added Xoffline switch to force work without inet connection. - Improved to be able to run with any JDK - JDK 6 and older no longer supported - JDK 8 support added (URLPermission granted if applicable) - JDK 9 supported - Added support for Entry-Point manifest attribute - Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property to control scan of Manifest file - starting arguments now accept also -- abbreviations - Added new documentation - Added support for menu shortcuts - both javaws applications/applets and html applets are supported - added support for -html switch for javaws. 
Now you can run most of the applets without browser at all - Control Panel - PR1856: ControlPanel UI improvement for lower resolutions (800*600) - NetX - PR1858: Java Console accepts multi-byte encodings - PR1859: Java Console UI improvement for lower resolutions (800*600) - RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception java.lang.ClassCastException in method sun.applet.PluginAppletViewer$8.run() - Dropped support for long unmaintained -basedir argument - Returned support for -jnlp argument - RH1095311, PR574 - References class sun.misc.Ref removed in OpenJDK 9 - fixed, and so buildable on JDK9 - Plugin - PR1743 - Intermittant deadlock in PluginRequestProcessor - PR1298 - LiveConnect - problem setting array elements (applet variables) from JS - RH1121549: coverity defects - Resolves method overloading correctly with superclass heirarchy distance - PolicyEditor - codebases can be renamed in-place, copied, and pasted - codebase URLs can be copied to system clipboard - displays a progress dialog while opening or saving files - codebases without permissions assigned save to file anyway (and re-appear on next open) - PR1776: NullPointer on save-and-exit - PR1850: duplicate codebases when launching from security dialogs - Fixed bug where clicking 'Cancel' on the 'Save before Exiting' dialog could result in the editor exiting without saving changes - Keyboard accelerators and mnemonics greatly improved - 'File - New' allows editing a new policy without first selecting the file to save to - Common - PR1769: support signed applets which specify Sandbox permissions in their manifests - Temporary Permissions in security dialog now multi-selectable and based on PolicyEditor permissions - Update to 1.5.2 - NetX - RH1095311, PR574 - References class sun.misc.Ref removed in OpenJDK 9 - fixed, and so buildable on JDK9 - RH1154177 - decoded file needed from cache - fixed NPE in https dialog - empty codebase behaves as '.'
    last seen 2019-02-21
    modified 2015-09-23
    plugin id 86094
    published 2015-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86094
    title openSUSE Security Update : icedtea-web (openSUSE-2015-602)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-16971.NASL
    description Updated to icedtea-web 1.4.1 New in release 1.4.1 (2013-XX-YY) : - Improved and cleaned Temporary internet files panel - PR1465 - java.io.FileNotFoundException while trying to download a JAR file - PR1473 - javaws should not depend on name of local file - PR854: Resizing an applet several times causes 100% CPU load - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet - reproducers tests are enabled in dist-tarball - application context support for OpenJDK build 25 and higher - small patches into rhino support and - PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties - add icedtea-web man page - make check enabled again - should be build for non-standart archs - removed unused multilib arches Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 70060
    published 2013-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70060
    title Fedora 20 : icedtea-web-1.4.1-0.fc20 (2013-16971)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1434.NASL
    description Updated icedtea-web packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could cause a web browser using the IcedTea-Web plug-in to crash or, possibly, execute arbitrary code. (CVE-2012-4540) Red Hat would like to thank Arthur Gerkis for reporting this issue. This erratum also upgrades IcedTea-Web to version 1.2.2. Refer to the NEWS file, linked to in the References, for further information. All IcedTea-Web users should upgrade to these updated packages, which resolve this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62871
    published 2012-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62871
    title CentOS 6 : icedtea-web (CESA-2012:1434)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-797.NASL
    description The IcedTea Web Java plugin was updated to 1.3.1 (bnc#787846) - Security Updates - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet - Common Bugfixes - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7 fixes the self-signed issue (mentioned in bnc#784859, bnc#785333, bnc#786775)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74816
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74816
    title openSUSE Security Update : icedtea-web (openSUSE-SU-2012:1524-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-17016.NASL
    description Updated to icedtea-web 1.4.1 New in release 1.4.1 (2013-XX-YY) : - Improved and cleaned Temporary internet files panel - PR1465 - java.io.FileNotFoundException while trying to download a JAR file - PR1473 - javaws should not depend on name of local file - PR854: Resizing an applet several times causes 100% CPU load - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet - reproducers tests are enabled in dist-tarball - application context support for OpenJDK build 25 and higher - small patches into rhino support and - PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties - add icedtea-web man page - make check enabled again - should be build for non-standart archs - removed unused multilib arches Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 70296
    published 2013-10-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70296
    title Fedora 18 : icedtea-web-1.4.1-0.fc18 (2013-17016)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201406-32.NASL
    description The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 76303
    published 2014-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76303
    title GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1625-1.NASL
    description Arthur Gerkis discovered a buffer overflow in the Icedtea-Web plugin. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62860
    published 2012-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62860
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : icedtea-web vulnerability (USN-1625-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_ICEDTEA-WEB-121113.NASL
    description The IcedTea-Web Java plugin has been updated to version 1.3.1 to fix various bugs and security issues. 1.3.1 changes : - Security Updates - RH869040: Heap-based buffer overflow after triggering event attached to applet. (CVE-2012-4540) - Common - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7 fixes the self-signed issue (mentioned in bnc#784859, bnc#785333, bnc#786775)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64156
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64156
    title SuSE 11.2 Security Update : icedtea-web (SAT Patch Number 7041)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2768.NASL
    description A heap-based buffer overflow vulnerability was found in icedtea-web, a web browser plugin for running applets written in the Java programming language. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user invoking the program. This problem was initially discovered by Arthur Gerkis and got assigned CVE-2012-4540. Fixes where applied in the 1.1, 1.2 and 1.3 branches but not to the 1.4 branch.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70303
    published 2013-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70303
    title Debian DSA-2768-1 : icedtea-web - heap-based buffer overflow
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-17026.NASL
    description Updated to icedtea-web 1.4.1 New in release 1.4.1 (2013-XX-YY) : - Improved and cleaned Temporary internet files panel - PR1465 - java.io.FileNotFoundException while trying to download a JAR file - PR1473 - javaws should not depend on name of local file - PR854: Resizing an applet several times causes 100% CPU load - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet - reproducers tests are enabled in dist-tarball - application context support for OpenJDK build 25 and higher - small patches into rhino support and - PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties - add icedtea-web man page - make check enabled again - should be build for non-standart archs - removed unused multilib arches Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 70037
    published 2013-09-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70037
    title Fedora 19 : icedtea-web-1.4.1-0.fc19 (2013-17026)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_ICEDTEA-WEB-130924.NASL
    description This icedtea-web update adds a missing fix for an off-by-one heap-based buffer overflow. - icedtea-web 1.4.1 fixes the missing patch for CVE-2012-4540. (bnc#840572: CVE-2013-4349)
    last seen 2019-02-21
    modified 2014-11-04
    plugin id 70289
    published 2013-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70289
    title SuSE 11.2 / 11.3 Security Update : icedtea-web (SAT Patch Numbers 8357 / 8358)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-733.NASL
    description This icedtea-web update fixes several security issues. Changes in icedtea-web : - update to 1.4.1 (bnc#840572) - Improved and cleaned Temporary internet files panel - NetX - PR1465 - java.io.FileNotFoundException while trying to download a JAR file - PR1473 - javaws should not depend on name of local file - Plugin - PR854: Resizing an applet several times causes 100% CPU load - Security Updates - CVE-2013-4349, RH869040: Heap-based buffer overflow after triggering event attached to applet CVE-2012-4540 nit fixed in icedtea-web 1.4 - Misc - reproducers tests are enabled in dist-tarball - application context support for OpenJDK build 25 and higher - small patches into rhino support and - PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties - need jpackage-utils on older distros - run more tests in %check - drop icedtea-web-AppContext.patch, already upstream - add javapackages-tools to build requires
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75156
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75156
    title openSUSE Security Update : icedtea-web (openSUSE-SU-2013:1509-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1434.NASL
    description From Red Hat Security Advisory 2012:1434 : Updated icedtea-web packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could cause a web browser using the IcedTea-Web plug-in to crash or, possibly, execute arbitrary code. (CVE-2012-4540) Red Hat would like to thank Arthur Gerkis for reporting this issue. This erratum also upgrades IcedTea-Web to version 1.2.2. Refer to the NEWS file, linked to in the References, for further information. All IcedTea-Web users should upgrade to these updated packages, which resolve this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68652
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68652
    title Oracle Linux 6 : icedtea-web (ELSA-2012-1434)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1434.NASL
    description Updated icedtea-web packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could cause a web browser using the IcedTea-Web plug-in to crash or, possibly, execute arbitrary code. (CVE-2012-4540) Red Hat would like to thank Arthur Gerkis for reporting this issue. This erratum also upgrades IcedTea-Web to version 1.2.2. Refer to the NEWS file, linked to in the References, for further information. All IcedTea-Web users should upgrade to these updated packages, which resolve this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62857
    published 2012-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62857
    title RHEL 6 : icedtea-web (RHSA-2012:1434)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20121107_ICEDTEA_WEB_ON_SL6_X.NASL
    description This erratum also upgrades IcedTea-Web to version 1.2.2. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 62859
    published 2012-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62859
    title Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64
redhat via4
advisories
bugzilla
id 869040
title CVE-2012-4540 icedtea-web: IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment icedtea-web is earlier than 0:1.2.2-1.el6_3
        oval oval:com.redhat.rhsa:tst:20121434005
      • comment icedtea-web is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111100006
    • AND
      • comment icedtea-web-javadoc is earlier than 0:1.2.2-1.el6_3
        oval oval:com.redhat.rhsa:tst:20121434007
      • comment icedtea-web-javadoc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111100008
rhsa
id RHSA-2012:1434
released 2012-11-07
severity Critical
title RHSA-2012:1434: icedtea-web security update (Critical)
rpms
  • icedtea-web-0:1.2.2-1.el6_3
  • icedtea-web-javadoc-0:1.2.2-1.el6_3
refmap via4
bid
  • 56434
  • 62426
confirm
debian DSA-2768
gentoo GLSA-201406-32
mandriva MDVSA-2012:171
misc https://bugzilla.redhat.com/show_bug.cgi?id=869040
mlist
  • [distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!
  • [distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!
  • [oss-security] 20121107 IcedTea-Web CVE-2012-4540
sectrack 1027738
secunia
  • 51206
  • 51220
  • 51374
suse
  • openSUSE-SU-2012:1524
  • openSUSE-SU-2013:0174
  • openSUSE-SU-2013:1509
  • openSUSE-SU-2013:1511
  • openSUSE-SU-2015:1595
ubuntu USN-1625-1
xf icedtea-applet-bo(79894)
Last major update 31-05-2016 - 11:11
Published 11-11-2012 - 08:00
Last modified 30-10-2018 - 12:27