CVE-2012-4248

critical

Description

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.

References

http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368

http://www.kb.cert.org/vuls/id/MORO-8WKGBN

http://www.kb.cert.org/vuls/id/122656

Details

Source: Mitre, NVD

Published: 2012-08-12

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01099