This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and corrected in
An uninitialized pointer use flaw was found in IcedTea-Web web browser
plugin. A malicious web page could use this flaw make IcedTea-Web
browser plugin pass invalid pointer to a web browser. Depending on the
browser used, it may cause the browser to crash or possibly execute
arbitrary code (CVE-2012-3422).
It was discovered that the IcedTea-Web web browser plugin incorrectly
assumed that all strings provided by browser are NUL terminated, which
is not guaranteed by the NPAPI (Netscape Plugin Application
Programming Interface). When used in a browser that does not NUL
terminate NPVariant NPStrings, this could lead to buffer over-read or
over-write, resulting in possible information leak, crash, or code
The updated packages have been upgraded to the 1.1.6 version which is
not affected by these issues.
Update the affected icedtea-web and / or icedtea-web-javadoc packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false