Vulnerability identifier: #VU32732
Vulnerability risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-4540
CWE-ID: CWE-122
Exploitation vector: Network
Exploit availability: No
Vulnerable software: icedtea-web
Vendor: redhat
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1. A remote attacker can use a crafted webpage to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update to version 1.1.7.
Vulnerable software versions
icedtea-web: 1.1.1 - 1.1.6
External links
https://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS
https://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f
https://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe
https://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html
https://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html
https://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html
https://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html
https://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html
https://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html
https://rhn.redhat.com/errata/RHSA-2012-1434.html
https://secunia.com/advisories/51206
https://secunia.com/advisories/51220
https://secunia.com/advisories/51374
https://security.gentoo.org/glsa/glsa-201406-32.xml
https://www.debian.org/security/2013/dsa-2768
https://www.mandriva.com/security/advisories?name=MDVSA-2012:171
https://www.openwall.com/lists/oss-security/2012/11/07/5
https://www.securityfocus.com/bid/56434
https://www.securityfocus.com/bid/62426
https://www.securitytracker.com/id?1027738
https://www.ubuntu.com/usn/USN-1625-1
https://bugzilla.redhat.com/show_bug.cgi?id=1007960
https://bugzilla.redhat.com/show_bug.cgi?id=869040
https://exchange.xforce.ibmcloud.com/vulnerabilities/79894
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.