CVE-2012-4248
Amazon Kindle Touch < 5.1.1 - Unauthenticated Unspecified Impact via NPAPI Plugin Interface
Title source: llmDescription
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/122656
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MORO-8WKGBN
Scores
EPSS
0.0231
EPSS Percentile
85.0%
Details
CWE
CWE-264
Status
published
Products (2)
amazon/kindle_touch
5.1.0
amazon/kindle_touch
< 5.1.1
Published
Aug 12, 2012
Tracked Since
Feb 18, 2026