{"vuid":"VU#122656","idnumber":"122656","name":"Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability","keywords":["kindle","touch","libkindleplugin"],"overview":"Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page.","clean_desc":"It has been reported that Kindle Touch 5.1.0 has introduced an NPAPI plugin /usr/lib/libkindleplugin.so (symlinked to /usr/lib/browser/plugins/libkindleplugin.so) that can be used by the system-wide WebKit engine. libkindleplugin is scriptable by the browser and can be invoked to access its \"exported\" native methods when a user accesses a web page containing embedded scripts. The user eureka has reported on the MobileRead forums that they have found multiple \"exported\" properties and methods associated with libkindleplugin.\nproperty test (it just returns number 500)\nmethod dev.log\nmethod lipc.set\nmethod lipc.get\nmethod todo.scheduleItems\nplugin.test\nplugin.lipc.test\nplugin.dev.test\nplugin.todo.test","impact":"By convincing a user to access a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code with root privileges.","resolution":"Update\nIt has been reported that Kindle Touch 5.1.2 deletes the NPAPI plugin /usr/lib/libkindleplugin.so, symlink /usr/lib/browser/plugins/libkindleplugin.so and directory /usr/lib/browser.\nUsers are advised to upgrade to Kindle Touch 5.1.2.","workarounds":"Disable libkindleplugin\nUsers are advised to disable libkindleplugin by renaming or removing the /usr/lib/browser/plugins/libkindleplugin.so symlink.","sysaffected":"","thanks":"Thanks to eureka on the MobileRead forums for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368"],"cveids":["CVE-2012-4248","CVE-2012-4249"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-07-25T11:41:23Z","publicdate":"2012-04-04T00:00:00Z","datefirstpublished":"2012-07-30T19:03:26Z","dateupdated":"2013-04-08T23:37:56Z","revision":22,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9.3","cvss_basevector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","cvss_temporalscore":"7.3","cvss_environmentalscore":"1.8","cvss_environmentalvector":"CDP:N/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}