Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability

ID VU:122656
Type cert
Reporter CERT
Modified 2013-04-08T00:00:00



Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page.


It has been reported that Kindle Touch 5.1.0 has introduced an NPAPI plugin /usr/lib/ (symlinked to /usrl/lib/browser/plugins/) that can be used by the system-wide WebKit engine. libkindleplugin is scriptable by the browser, and its "exported" native methods can be invoked when a user accesses a web page containing embedded scripts.

The user eureka has reported on the MobileRead forums that they have found multiple "exported" properties and methods associated with libkindleplugin.

* property `test` (it just returns number 500)
* method `dev.log`
* method `lipc.set`
* method `lipc.get`
* method `todo.scheduleItems`
* `plugin.test`
* `plugin.lipc.test`
* `plugin.todo.test`


By convincing a user to access a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code with root privileges.