Uninitialized Pointer Vulnerability in IcedTea-Web Plugin
CVE-2012-3422 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
Learn more about our Web App Pen Testing.