ID CVE-2012-4540
Summary Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.
References
Vulnerable Configurations
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 869040
title CVE-2012-4540 icedtea-web: IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment icedtea-web is earlier than 0:1.2.2-1.el6_3
        oval oval:com.redhat.rhsa:tst:20121434005
      • comment icedtea-web is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141417006
    • AND
      • comment icedtea-web-javadoc is earlier than 0:1.2.2-1.el6_3
        oval oval:com.redhat.rhsa:tst:20121434007
      • comment icedtea-web-javadoc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141417008
rhsa
id RHSA-2012:1434
released 2012-11-07
severity Critical
title RHSA-2012:1434: icedtea-web security update (Critical)
rpms
  • icedtea-web-0:1.2.2-1.el6_3
  • icedtea-web-javadoc-0:1.2.2-1.el6_3
refmap via4
bid
  • 56434
  • 62426
confirm
debian DSA-2768
gentoo GLSA-201406-32
mandriva MDVSA-2012:171
misc https://bugzilla.redhat.com/show_bug.cgi?id=869040
mlist
  • [distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!
  • [distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!
  • [oss-security] 20121107 IcedTea-Web CVE-2012-4540
sectrack 1027738
secunia
  • 51206
  • 51220
  • 51374
suse
  • openSUSE-SU-2012:1524
  • openSUSE-SU-2013:0174
  • openSUSE-SU-2013:1509
  • openSUSE-SU-2013:1511
  • openSUSE-SU-2015:1595
ubuntu USN-1625-1
xf icedtea-applet-bo(79894)
Last major update 30-10-2018 - 16:27
Published 11-11-2012 - 13:00
Back to Top