Uncontrolled Memory Access Vulnerability in IcedTea-Web Plugin

Uncontrolled Memory Access Vulnerability in IcedTea-Web Plugin

CVE-2012-3423 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.

Learn more about our Web App Pen Testing.