Uncontrolled Memory Access Vulnerability in IcedTea-Web Plugin
CVE-2012-3423 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
Learn more about our Web App Pen Testing.