FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-3423

This CVE name corresponds to:

Entered Topic
2012-08-13 Several vulnerabilities found in IcedTea-Web

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-3423
Phase Assigned (20120614)

Description

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.

References

Source Reference
MISC https://bugzilla.redhat.com/show_bug.cgi?id=841345
CONFIRM http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518
CONFIRM http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863
CONFIRM http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS
CONFIRM http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9
CONFIRM http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076
GENTOO GLSA-201406-32
REDHAT RHSA-2012:1132
SUSE SUSE-SU-2012:0979
SUSE openSUSE-SU-2012:0981
SUSE openSUSE-SU-2012:0982
SUSE openSUSE-SU-2013:0826
SUSE SUSE-SU-2013:0851
SUSE openSUSE-SU-2013:0893
SUSE openSUSE-SU-2013:0966
SUSE SUSE-SU-2013:1174
UBUNTU USN-1521-1
SECUNIA 50089