7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.7 High
AI Score
Confidence
High
0.109 Low
EPSS
Percentile
95.1%
Chamal De Silva discovered that the IcedTea-Web Java web browser
plugin could dereference an uninitialized pointer. A remote attacker
could use this to craft a malicious web page that could cause a
denial of service by crashing the web browser or possibly execute
arbitrary code. (CVE-2012-3422)
Steven Bergom and others discovered that the IcedTea-Web Java web
browser plugin assumed that all strings provided by browsers are NULL
terminated, which is not guaranteed by the NPAPI (Netscape Plugin
Application Programming Interface). A remote attacker could use this
to craft a malicious Java applet that could cause a denial of service
by crashing the web browser, expose sensitive information or possibly
execute arbitrary code. (CVE-2012-3423)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.04 | noarch | icedtea-7-plugin | < 1.2-2ubuntu1.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | icedtea-6-plugin | < 1.2-2ubuntu1.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | icedtea-netx | < 1.2-2ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | icedtea-6-plugin | < 1.2-2ubuntu0.11.10.2 | UNKNOWN |
Ubuntu | 11.10 | noarch | icedtea-netx | < 1.2-2ubuntu0.11.10.2 | UNKNOWN |
Ubuntu | 11.04 | noarch | icedtea-6-plugin | < 1.2-2ubuntu0.11.04.2 | UNKNOWN |
Ubuntu | 11.04 | noarch | icedtea-netx | < 1.2-2ubuntu0.11.04.2 | UNKNOWN |
Ubuntu | 10.04 | noarch | icedtea-6-plugin | < 1.2-2ubuntu0.10.04.2 | UNKNOWN |
Ubuntu | 10.04 | noarch | icedtea-netx | < 1.2-2ubuntu0.10.04.2 | UNKNOWN |