QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2012-4540

Back to search

CVE-2012-4540

Published: Nov 11, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.

VendorProductVersions

n/a

n/a

affected
n/a

References

GLSA-201406-32
vendor-advisory
x_refsource_GENTOO
DSA-2768
vendor-advisory
x_refsource_DEBIAN
openSUSE-SU-2015:1595
vendor-advisory
x_refsource_SUSE
56434
vdb-entry
x_refsource_BID
RHSA-2012:1434
vendor-advisory
x_refsource_REDHAT
51220
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2013:1511
vendor-advisory
x_refsource_SUSE
icedtea-applet-bo(79894)
vdb-entry
x_refsource_XF
51374
third-party-advisory
x_refsource_SECUNIA
1027738
vdb-entry
x_refsource_SECTRACK
USN-1625-1
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2013:1509
vendor-advisory
x_refsource_SUSE
51206
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2012:1524
vendor-advisory
x_refsource_SUSE
62426
vdb-entry
x_refsource_BID
MDVSA-2012:171
vendor-advisory
x_refsource_MANDRIVA
openSUSE-SU-2013:0174
vendor-advisory
x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now