Uninitialized Pointer Vulnerability in IcedTea-Web Plugin

Uninitialized Pointer Vulnerability in IcedTea-Web Plugin

CVE-2012-3422 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.

Learn more about our Web App Pen Testing.