IcedTea-Web CVE-2012-4540 Heap Based Buffer Overflow Vulnerability

IcedTea-Web is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

The issue is fixed in the following versions:

IcedTea-Web 1.1.7
IcedTea-Web 1.2.2
IcedTea-Web 1.3.1


 

Privacy Statement
Copyright 2010, SecurityFocus